Open_Basedir, trailing slash after /tmp - will it stop creating directories ?

[jeroman8]

I have a problem with exploits in scripts that uploads stuff to the tmp directoy
and run them there. It's different kinds of activites but non is welcome.

So, finding these exploits is offcourse the best way to fix it but as a security
method I wonder if adding a trailing slash / after the tmp in the open_basedir lines in httpd.conf will prevent the exploit/script from making a directory in tmp ?

As it is no it say:
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/user/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>

If I instead have /tmp/ in the end it should stop it from making/access anything
under /tmp right ?

On some servers there are a few directories in tmp but I can't see it is
needed for php scripts. - Any idea ?

[RavenSoul_]

I suggest reading http://www.eth0.us/?q=tmp

[jeroman8]

All of that is already done and is basicly what /scripts/securetmp is doing
and that does not prevent scripts from running in /tmp all the time., most of the time yes,
but if you start the script in a certain way it does not help.

What I wanted was a way to stop php scripts from creating directories in /tmp
and open_basedir might be way to do that.

[chirpy]

AFAIK, it won't make a difference. Linux copes very well if you address directories with too many slashes, e.g.:

ls -la //var//log//

The only realistic way to to fix the problem php scripts in the first place and use a good set of mod_security secfilters.