Marek,
but the program was executed using a system call from a php script.
- rt
And that's what I mean. Every fopen call (almost) in the php binary is wrapped around the safe mode checks. But once you leave the php binary, or even load a php module that does not use this wrapper, safe mode does not work anymore.
On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
robert mena wrote:
Hi,
I host a few virtual domains in apache 2 and use php.
The virtual domain is something like
<VirtualHost a.b.c.d:80>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /home/httpd/html/domain.com
    ServerName www.domain.com
    ErrorLog logs/domain.com-error_log
    CustomLog logs/domain.com-access_log combined
    ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
    <Directory /home/httpd/html/domain.com/>
        AllowOverride AuthConfig Limit
        php_admin_value doc_root "/home/httpd/html/domain.com/"
        php_admin_flag safe_mode on
        php_admin_value open_basedir "/home/httpd/html/domain.com:/tmp/"
    </Directory>
</VirtualHost>
Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
Shouldn't the settings above restrict such a thing?
No, this setting affects only PHP, not programs executed from PHP.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php