From: [EMAIL PROTECTED]
Operating system: linux 2218
PHP version: 4.0.4pl1
PHP Bug Type: *Configuration Issues
Bug description: echo `cat /etc/passwd` -- bypasses open_basedir .
Even with open_basedir . configured in php.ini, the following bypasses it with
concerning ease:
echo `cat /etc/passwd`;
The fact that open_basedir is in force is obvious when we try fopen ("/etc/passwd",
"r"), etc - ie, the expected open_basedir error pops up.
Surely this is not a bug? If so, is there a way to disable backticks?
I'll wait for some kind of response before I send this to the usual support mailing
lists.
--
Edit Bug report at: http://bugs.php.net/?id=9000&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
