Hi,

I follow bugtraq and recently there was a thread regarding safe_mode of PHP and how to "break" it. The thread was killed without a conclusion as to whether this is really a new threat or the same problem (scripts executed with the same uid/gid as the web server). So, I was wondering if the php-dev team has already reached a verdict.

I recently saw a post about the use of suExec and I'd like to know the performance impact and whether there is anything PHP could do to make such a thing easier (perhaps this is more an Apache issue).

Up to now all my virtual domains have used safe_mode, open_basedir and document_root settings limiting the access to files/scripts located under the virtual directory, and no access to override the settings with a .htaccess. Is this secure "enough"?

My major concern is the ability to upload PHP code (using FTP), some C files of a local exploit, compile it and execute it as apache...

Thanks.

--
PHP General Mailing List (http://www.php.net/)