Search the Community
Showing results for tags 'open_basedir'.
-
I have a VPS using FastCGI (WHM/cPanel). As I understand it, in my configuration with FCGI, open_basedir must be set using a php.ini file in each user's /home/ directory (From what I've read, it won't work to do it in the global httpd.conf or global php.ini). I want to use open_basedir for improved security, as I recently had a hack that involved traversing through different user's directories. I have added this value to a user's home directory php.ini file: open_basedir = /home/USERNAME/public_html:/usr/lib/php:/usr/local/lib/php:/tmp What I want to know is, is there a way to test that this is functioning properly? How do I know if it is enforcing it as it should? Presumably I would want to try and execute a .php file in another user's directory from within that first user...however I don't know of a good way to test this. Any suggestions would be greatly appreciated.
- 2 replies
-
- php
- open_basedir
-
(and 3 more)
Tagged with:
-
I have a script that simply does this: <? $sCMD = `/bin/cat /tmp/test.txt`; echo $sCMD; ?> This works. But my open_dirbase does not include /bin or /tmp. Does anyone know why executing a program using backticks like this bypasses open_basedir? This should not work correct? I'm running PHP 5.3.16 on linux kernel 2.4.