> When in "safe mode" shouldn't PHP check to see if the directory that is
> about to be opened with a opendir() function has the same UID as the PHP
> script itself, and fail if the UIDs do not match?

 From 4.1.0, optional GID check is available.

> Because in PHP 4.0.6 with safe_mode "on", a PHP script owned by "fred" can
> open any directory owned by any other UID, so long as the directory is
> under the "open_basedir".  This does not seem right to me, as it allows a

> user in safe_mode to browse all the files on the entire webserver, looking
> for things he might be able to peek at with a web browser.
> Please advise whether this should be a bug report.

Take a look at lastest implementation see if you still have issues.


Yasuo Ohgaki

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to