Edit report at http://bugs.php.net/bug.php?id=5575&edit=1
ID: 5575 Updated by: [email protected] Reported by: greg at netserv dot net dot au Summary: open_basedir to ~ Status: Open Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues Operating System: Linux PHP Version: 4.0.1pl2 Block user comment: N New Comment: This won't make sense in mostconfiguartions, it can be setper vhost in httpd.conf, though. Previous Comments: ------------------------------------------------------------------------ [2000-07-14 04:56:20] greg at netserv dot net dot au is it possible to make open_basedir setable to ~ so the base of the script can be the home directory of the owner of the script. I have set it to . so one users cant just do a fopen on another users scripts This has the side effect that using mutiple directories for a set of scripts is very tricky as the scripts cant include files from directories next to or below them selves. I havent fully tested this but it also seems that the restrictions that mean you cant create a file in safe mode with open_basedir set seem to mean that the tmp_uploads arent possible Is it possible to make tmp_uploaddir also setable to ~/tmp or allow tmp_upload to over ride the create restrictions to allow for dynamic tempoary file names. It seems to me that many people are relying on the security of their phpscripts when another user on the system can simply read their files useing the common "nobody" permissions Thanks Greg ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=5575&edit=1
