> So, tell me if Im right, if I set the open_basedir = . , then only the files > located where the php script is will be able to be opened useing fopen? Im > right?
Yes. Though I don't know what happens when you store a php script in /etc with '.' as base_dir :-) > This is a serious issue... I have a php script wich lets me navigate the > entire hard disk in a cobalt raq3. I have sent it to cobalt security > people... but they just didn�t say a word about it Which I can understand. This is your responsibility. You should know what you are running :-) And RTFM is not asked too much, IMHO. Jan Wildeboer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
