[PHP] Safe mode + /usr/share/php

2001-08-25 Thread Artyom Plouzhnikoff

  Is it possible to use safe mode yet allow all scripts to include any files 
from /usr/share/php? Normal users ain't gonna have *write* access to that 
directory, so it shouldn't be much of a security concern, I just don't know 
how to do this. I know that I can disable safe_mode and enable open_basedir, 
but that will create yet another security hole because normal users will be 
able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can 
make PHP load a custom glibc and thus gain root access to the box if I allow 
them to do that.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Safe mode + /usr/share/php

2001-08-25 Thread Rasmus Lerdorf

A recent feature addition (4.0.7) is a safe_mode_include_dir php.ini
directive where you can do exactly this.

-Rasmus

On Sun, 26 Aug 2001, Artyom Plouzhnikoff wrote:

   Is it possible to use safe mode yet allow all scripts to include any files
 from /usr/share/php? Normal users ain't gonna have *write* access to that
 directory, so it shouldn't be much of a security concern, I just don't know
 how to do this. I know that I can disable safe_mode and enable open_basedir,
 but that will create yet another security hole because normal users will be
 able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can
 make PHP load a custom glibc and thus gain root access to the box if I allow
 them to do that.




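Added example, not part of either post: the question assumes normal users have no write access to the directory exposed through safe_mode_include_dir, and that assumption can be checked before the directive is set. The function name audit_include_dir and its exit codes are made up for this sketch. It covers only the tree itself, not its parent directories.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree meant for
# safe_mode_include_dir, e.g. /usr/share/php.
# Usage: audit_include_dir DIR [OWNER]   (OWNER defaults to root)
# Exit status: 0 = clean, 1 = findings printed, 2 = DIR is not a directory.
audit_include_dir() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Report entries not owned by OWNER, plus any non-symlink entry that is
    # group- or world-writable (symlink mode bits carry no meaning).
    findings=$(find "$dir" \( ! -user "$owner" -o \
        \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Any path it prints is a file or directory that someone other than the expected owner could modify, and every safe-mode script would then be able to include it.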