At 03:54 PM 3/3/2002 -0500, James E. Flemer wrote:
>Well actually, open_basedir is not *supposed* to check
>UIDs. However, safe_mode *is*, and it was not for the
>opendir() function. So I patched it to do so (in CVS). Also
>I noticed that when the CHECKUID_ALLOW_ONLY_DIR flag is
>passed to php_che
Well actually, open_basedir is not *supposed* to check
UIDs. However, safe_mode *is*, and it was not for the
opendir() function. So I patched it to do so (in CVS). Also
I noticed that when the CHECKUID_ALLOW_ONLY_DIR flag is
passed to php_checkuid(), that it misses the case where you
are referring
Hi,
Just wanted to let you guys know that the PHP opendir() function suffers a tiny
security risk in a multiuser environment. Say you have a server with multiple users
having access to PHP. Those users' homedirs are stored in the same tree (say
/data/users/).
With the function as it is now, t