But where user "fred" can opendir() a directory owned by user "mary"
(underneath the open_basedir), that action doesn't even pass a UID check
if the UIDs are supposed to match in safe mode in order for the action to
be allowed.

How would an optional GID check help?


> > When in "safe mode" shouldn't PHP check to see if the directory that is
> > about to be opened with a opendir() function has the same UID as the PHP
> > script itself, and fail if the UIDs do not match?
>  From 4.1.0, optional GID check is available.
> Take a look at lastest implementation see if you still have issues.
> http://snaps.php.net/
> --
> Yasuo Ohgaki

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to