Edit report at http://bugs.php.net/bug.php?id=53263&edit=1
ID: 53263 Updated by: [email protected] Reported by: [email protected] Summary: Allow realpath cache to function even with open_basedir enabled Status: Open Type: Feature/Change Request Package: Safe Mode/open_basedir Operating System: * PHP Version: 5.3.3 Block user comment: N New Comment: I don't think the security problem is fixable. We have no way to prevent the contents behind a cache entry from changing which is the root of the security problem. And I don't see the point in open_basedir if you remove the security aspect. The less secure toggle is to simply turn off open_basedir. An open_basedir feature that doesn't actually guarantee that users can't open files outside of the specified base directory isn't useful. Previous Comments: ------------------------------------------------------------------------ [2010-11-08 14:17:30] [email protected] Description: ------------ As described in bug #52312 - realpath cache is disabled when open_basedir is enabled. Would it be possible to either: 1) Fix the security problem related to having both enabled at the same time 2) Add a php.ini or ./configure toggle to enable both at the same time, overriding the security aspect in order to gain performance. Thanks ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=53263&edit=1
