ID: 32421
Updated by: [EMAIL PROTECTED]
Reported By: ricardi at gmail dot com
-Status: Open
+Status: Closed
Bug Type: Documentation problem
Operating System: *nix (Tested on Linux)
PHP Version: 4.3.10
New Comment:
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.
Thank you for the report, and for helping us make our documentation
better.
"These PHP rectrictions are not valid in executed binaries, of course."
Previous Comments:
------------------------------------------------------------------------
[2005-03-28 04:49:44] ricardi at gmail dot com
Thank you. Please, the banner could be placed at this chapter:
Chapter 42. Safe Mode
Under the section:
safe_mode_exec_dir
I think that the problem is big enough to receive a big warning too.
Others chapters like:
IV. Security
XXXI. Program Execution Functions
... could be helpfull too.
The banner contents would be something like:
"The PHP Engine (and nobody) can't take care of your children. Not
trusteds binaries can be dangerous to your system. In Mass VirtualHost
machines, we suggest to disable exec functions".
Thanks again!
------------------------------------------------------------------------
[2005-03-26 15:01:15] [EMAIL PROTECTED]
Warning should go to the docs... (if it's not there yet)
------------------------------------------------------------------------
[2005-03-24 00:21:50] ricardi at gmail dot com
Ok. So, even knowing this, there is no banner with a warning about this
problem? Please, just to close this "bug", put this warning when talking
about safe_mode_exec_dir. When you are using PHP in a Hosting Provider
with thousand domains, the banner CERTAINLY would be helpfull. I've
almost had 12000 defaces because I didn't be advised about
sefa_mode_exec_dir bypass. Please, think about it!
Thank you!
------------------------------------------------------------------------
[2005-03-23 16:41:51] [EMAIL PROTECTED]
>The PHP engine can't not control de children created by the
>exec functions?
exactly.
and nobody can.
------------------------------------------------------------------------
[2005-03-23 16:38:58] ricardi at gmail dot com
The PHP engine can't not control de children created by the exec
functions? This could be a great security enhancement, since that some
php applications are suffering from xploits that use this technic. I've
already disable this functions now, but our clients are unhappy with
this limitations.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/32421
--
Edit this bug report at http://bugs.php.net/?id=32421&edit=1
