[mythtv-commits] Ticket #7323: Reopen: open_basedir issue

MythTV mythtv at cvs.mythtv.org
Wed Oct 14 20:11:08 UTC 2009


#7323: Reopen: open_basedir issue
------------------------------+---------------------------------------------
 Reporter:  anonymous         |        Owner:  kormoc 
     Type:  defect            |       Status:  closed 
 Priority:  minor             |    Milestone:  0.22   
Component:  Plugin - MythWeb  |      Version:  unknown
 Severity:  medium            |   Resolution:  wontfix
  Mlocked:  0                 |  
------------------------------+---------------------------------------------
Changes (by kormoc):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 It's a part of safe mode but it's not governed by the safe mode on/off
 flag.

 http://www.php.net/manual/en/ini.sect.safe-mode.php

  Limit the files that can be opened by PHP to the specified directory-
 tree, including the file itself. This directive is NOT affected by whether
 Safe Mode is turned On or Off.

 When a script tries to open a file with, for example, fopen() or gzopen(),
 the location of the file is checked. When the file is outside the
 specified directory-tree, PHP will refuse to open it. All symbolic links
 are resolved, so it's not possible to avoid this restriction with a
 symlink. If the file doesn't exist then the symlink couldn't be resolved
 and the filename is compared to (a resolved) open_basedir.

 The special value . indicates that the working directory of the script
 will be used as the base-directory. This is, however, a little dangerous
 as the working directory of the script can easily be changed with chdir().

 In httpd.conf, open_basedir can be turned off (e.g. for some virtual
 hosts) the same way as any other configuration directive with
 "php_admin_value open_basedir none".

 Under Windows, separate the directories with a semicolon. On all other
 systems, separate the directories with a colon. As an Apache module,
 open_basedir paths from parent directories are now automatically
 inherited.

 The restriction specified with open_basedir is actually a prefix, not a
 directory name. This means that "open_basedir = /dir/incl" also allows
 access to "/dir/include" and "/dir/incls" if they exist. When you want to
 restrict access to only the specified directory, end with a slash. For
 example: open_basedir = /dir/incl/

 The default is to allow all files to be opened.

-- 
Ticket URL: <http://svn.mythtv.org/trac/ticket/7323#comment:1>
MythTV <http://www.mythtv.org/>
MythTV
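
An added example (not part of the ticket or of the PHP manual): a Python model of the prefix comparison quoted above, used to audit an open_basedir value for entries that lack the trailing slash. The /srv/mythweb paths and all function names are hypothetical, and the check follows the quoted text rather than PHP's source.

```python
import posixpath

# Constructed sample data: the /dir/* paths are the manual's own example,
# the /srv/mythweb* paths are hypothetical.
SAMPLE_VALUE = "/dir/incl:/srv/mythweb/"
SAMPLE_DIRS = ["/dir/incl", "/dir/include", "/dir/incls", "/dir/other",
               "/srv/mythweb", "/srv/mythweb-backup"]

def parse_open_basedir(value, sep=":"):
    """Split the directive: ':' on Unix-like systems, ';' on Windows."""
    return [e for e in value.split(sep) if e]

def allowed(path, entries):
    """Model of the prefix comparison described in the quoted text.
    PHP resolves symlinks first; this model only normalises '.' and '..'."""
    resolved = posixpath.normpath(path)
    return any(resolved.startswith(e) for e in entries)

def audit(value, known_dirs, sep=":"):
    """Map each entry without a trailing slash to the sibling directories
    that the prefix comparison would also admit."""
    findings = {}
    for entry in parse_open_basedir(value, sep):
        if entry == "." or entry.endswith("/"):
            continue
        siblings = [d for d in known_dirs
                    if d.startswith(entry) and d != entry
                    and not d.startswith(entry + "/")]
        if siblings:
            findings[entry] = siblings
    return findings

def harden(value, sep=":"):
    """Append the trailing slash the manual recommends to each entry."""
    fixed = [e if e == "." or e.endswith("/") else e + "/"
             for e in parse_open_basedir(value, sep)]
    return sep.join(fixed)

if __name__ == "__main__":
    print(audit(SAMPLE_VALUE, SAMPLE_DIRS))
    print(harden(SAMPLE_VALUE))
```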

