Marek, Justin,
am I doing something wrong with the setup because I saw the logs and a
redeye.php was used to system("perl -xxxx") and was not supposed to.
On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
>
> Justin Patrin wrote --- napísal::
> > On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
> >
> >>robert mena wrote --- napísal::
> >>
> >>>Hi,
> >>>
> >>>I host a few virtual domains in apache 2 and use php.
> >>>
> >>>The virtual domain is something like
> >>>
> >>><VirtualHost a.b.c.d:80>
> >>> ServerAdmin [EMAIL PROTECTED]
> >>> DocumentRoot /home/httpd/html/domain.com
> >>> ServerName www.domain.com
> >>> ErrorLog logs/domain.com-error_log
> >>> CustomLog logs/domain.com-access_log combined
> >>> ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
> >>> <Directory /home/httpd/html/domain.com/>
> >>> AllowOverride AuthConfig Limit
> >>> php_admin_value doc_root "/home/httpd/html/domain.com/"
> >>> php_admin_flag safe_mode on
> >>> php_admin_value open_basedir "/home/httpd/html/domain.com:/tmp/"
> >>> </Directory>
> >>></VirtualHost>
> >>>
> >>>Recently I had a minor problem with a user that uploaded via ftp a php
> >>>script in his domain and this domain used exec/system etc to call
> >>>perl, read files.
> >>>
> >>>Shouldn't the settings above retrict such thing ?
> >>>
> >>
> >>no, this setting affects only php, not programs executed from php
> >
> >
> > If you have safe mode on, you can set various things to stop this. One
> > is safe_mode_exec_dir.
>
> Actualy you have to if you want to use any of the exec functions:
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
