Hello
Sorry, I clearly didn't make myself clear. I was refering to when NOT
using safe mode - which is too limiting for our clients. We prefer to use
open basedir. Anyway, not to worry, I simply modified the source code to
prevet exec of backticks.
Cheers
Henka
On 3 Feb 2001, Bug Database wrote:
> ID: 9000
> Updated by: david
> Reported By: [EMAIL PROTECTED]
> Old-Status: Open
> Status: Closed
> Bug Type: *Configuration Issues
> Assigned To:
> Comments:
>
> safe_mode disables ``
> safe_mode_exec_dir specifies a base directory for executables
> disable_functions allows you to turn disable certain functions completely
>
> Previous Comments:
> ---------------------------------------------------------------------------
>
> [2001-01-30 07:47:01] [EMAIL PROTECTED]
>
> Even with open_basedir . configured in php.ini, the following bypasses it with
>concerning ease:
>
> echo `cat /etc/passwd`;
>
> The fact that open_basedir is in force is obvious when we try fopen ("/etc/passwd",
>"r"), etc - ie, the expected open_basedir error pops up.
>
> Surely this is not a bug? If so, is there a way to disable backticks?
>
> I'll wait for some kind of response before I send this to the usual support mailing
>lists.
>
> ---------------------------------------------------------------------------
>
>
>
> ATTENTION! Do NOT reply to this email!
> To reply, use the web interface found at http://bugs.php.net/?id=9000&edit=2
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
