Justin Patrin wrote:
On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
robert mena wrote:
Hi,
I host a few virtual domains in apache 2 and use php.
The virtual domain is something like
<VirtualHost a.b.c.d:80>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /home/httpd/html/domain.com
    ServerName www.domain.com
    ErrorLog logs/domain.com-error_log
    CustomLog logs/domain.com-access_log combined
    ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
    <Directory /home/httpd/html/domain.com/>
        AllowOverride AuthConfig Limit
        php_admin_value doc_root "/home/httpd/html/domain.com/"
        php_admin_flag safe_mode on
        php_admin_value open_basedir "/home/httpd/html/domain.com:/tmp/"
    </Directory>
</VirtualHost>
Recently I had a minor problem with a user that uploaded via ftp a php
script in his domain and this domain used exec/system etc to call
perl, read files.
Shouldn't the settings above restrict such a thing?
No, this setting affects only php, not programs executed from php.
If you have safe mode on, you can set various things to stop this. One
is safe_mode_exec_dir.
Actually you have to if you want to use any of the exec functions:
--
PHP General Mailing List (http://www.php.net/)
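A check for the gap discussed in this thread, as an added example that is not part of the original messages: it scans Apache vhost configuration and reports each virtual host that turns safe_mode on without setting safe_mode_exec_dir. The sample configuration is constructed (the first vhost is condensed from the one quoted above), and the `/home/httpd/safe-bin/` path and the `www.example.org` host are assumptions.

```python
import re

# Constructed sample: vhost 1 is condensed from the thread, vhost 2 adds
# safe_mode_exec_dir (the safe-bin path is an assumed location).
SAMPLE_CONF = """\
<VirtualHost a.b.c.d:80>
ServerName www.domain.com
<Directory /home/httpd/html/domain.com/>
php_admin_flag safe_mode on
php_admin_value open_basedir "/home/httpd/html/domain.com:/tmp/"
</Directory>
</VirtualHost>
<VirtualHost a.b.c.d:80>
ServerName www.example.org
<Directory /home/httpd/html/example.org/>
php_admin_flag safe_mode on
php_admin_value open_basedir "/home/httpd/html/example.org:/tmp/"
php_admin_value safe_mode_exec_dir "/home/httpd/safe-bin/example.org"
</Directory>
</VirtualHost>
"""

PHP_ADMIN = re.compile(r'^php_admin_(?:value|flag)\s+(\S+)\s+"?([^"]*)"?\s*$', re.I)

def check(php):
    # Only settings made inside the vhost are seen, not those in php.ini.
    findings = []
    if php.get("safe_mode", "off").lower() not in ("on", "1", "true", "yes"):
        findings.append("safe_mode not enabled")
    elif not php.get("safe_mode_exec_dir"):
        findings.append("safe_mode on, safe_mode_exec_dir not set")
    if not php.get("open_basedir"):
        findings.append("open_basedir not set")
    return findings

def audit_vhosts(conf_text):
    """Map each ServerName to its list of findings."""
    report, name, php = {}, None, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        words = line.split()
        if not words or line.startswith("#"):
            continue
        key = words[0].lower()
        if key.startswith("<virtualhost"):
            name, php = "(unnamed)", {}
        elif key == "servername" and len(words) > 1:
            name = words[1]
        elif key.startswith("</virtualhost") and php is not None:
            report[name] = check(php)
            php = None
        elif php is not None and (m := PHP_ADMIN.match(line)):
            php[m.group(1).lower()] = m.group(2).strip()
    return report
```

safe_mode and safe_mode_exec_dir were removed in PHP 5.4, so this check applies to PHP 5.3 and earlier, as used in the thread.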