From: greg at laundrymat dot tv
Operating system: redhat 7.0
PHP version: 4.3.0
PHP Bug Type: Feature/Change Request
Bug description: broader apache-php security options

I really think there needs to be a way to prohibit system(), ticker, or exec() on a per directory basis via the apache conf file. Safe mode is too restrictive and open_basedir doesn't work with these commands. Either make open_basedir actually work on all functions or create a way to shut these functions or any function off on a per directory basis. It really is a must. I have a site that gives clients ftp access. A script could read the majority of the files on my server using the ticker and the vi commands.

Thanks
Greg Greenhaw

--
Edit bug report at http://bugs.php.net/?id=22410&edit=1