On Mon, Oct 07, 2002 at 12:11:37PM +0200, Melvyn Sopacua wrote:
> At 12:00 10/7/2002 +0200, Derick Rethans wrote:
> >No, as for Windows everything is executable... see the .scr viruses for
> >example :)
> 
> Yes - and that's why it is a good idea, to either not implement it, or 
> return true.
> 
> For instance - in a CMS you typically allow uploads, to a specific location.
> is_executable, is one of the checks you could implement, to make sure it
> doesn't overwrite something nasty. On Windows this would either fail every
> file upload or - if you return false - it would allow overwriting of true
> executables.
> 
> Of course - since NTSEC has more security layers than standard unix 
> filepermissions, one could argue, that a good server administrator knows
> how to propagate permissions in a webtree.
> 
> In that case, you need to detect NTSEC.

Well, I'm not really sure about this anymore. There is no real way to
see if a file can be executed - in command prompt for example, AFAIK
only .com, .bat and .exe files are considered executable, but explorer
uses some registry settings (at least, on FAT filesystems).  Don't know
what NTSEC exactly is, but I assume it's similar to (or maybe the same
as) NTFS. That means we need some filesystem dependent code too....
Unless someone implements it all, I'd rather see the function missing
than returning a (possibly bogus) true.

Sander

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php