php open_basedir is not enough ...

Discussion in 'General Discussion' started by Radio_Head, Dec 12, 2002.

  1. Radio_Head

    Radio_Head, Well-Known Member (Joined: Feb 15, 2002; Messages: 2,051; Likes Received: 1; Trophy Points: 343)

    Hello

    I am using

    php_admin_value open_basedir "/home/user:/tmp"

    to reduce hacking problems with PHP.

    However, with 10 lines of easy PHP code (I prefer not to post them here) I was able to see, for example, /etc/passwd in an account which has the open_basedir line ...

    Any idea better than the open_basedir restriction?


    Thank you
     
  2. moronhead

    moronhead, Well-Known Member (Joined: Aug 12, 2001; Messages: 706; Likes Received: 0; Trophy Points: 316)

    Have you got PHP safe mode enabled?
     
  3. Radio_Head

    PHP safe mode is too restrictive; however, if I could activate it on a single user I could try. May I activate safe mode on a single user (to test my code above)?
     
  4. MikeMc

    MikeMc, Well-Known Member (Joined: May 8, 2002; Messages: 161; Likes Received: 0; Trophy Points: 316)

    Originally posted by Radio_Head:

    > PHP safe mode is too restrictive; however, if I could activate it on a single user I could try. May I activate safe mode on a single user (to test my code above)?

    php_admin_value safe_mode 1 in the httpd.conf in the <Virtualhost....

    for the specific domain.

    I remember this; it's been some time since I used it, though.
     
  5. Radio_Head

    OK, I am testing it...
     
  6. Radio_Head

    OK, with safe mode the script doesn't work (/etc/passwd is not shown).

    However, PHP safe mode is much too restrictive! A lot of scripts will not work... am I wrong?
     
  7. MikeMc

    Originally posted by Radio_Head:

    > OK, with safe mode the script doesn't work (/etc/passwd is not shown).
    >
    > However, PHP safe mode is much too restrictive! A lot of scripts will not work... am I wrong?

    I believe that in general safe mode On will have an effect mainly if the script has file-manipulating functions, like upload. Maybe register_globals is your problem if some scripts don't work. If you want to try the register_globals ON/OFF game too, try this:
    php_value register_globals 0 (or 1 for ON).

    Although for more security register_globals should be off.
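
An added example, not part of the thread or of any cPanel tooling: a small Python audit that reads an httpd.conf and reports, per `<VirtualHost>`, which of the three directives discussed above (open_basedir, safe_mode, register_globals) are missing or weak. The sample configuration, hostnames and paths are constructed, and the script assumes that a directive absent from a vhost is off (it does not read php.ini or server-wide settings).

```python
import re

# Constructed sample httpd.conf fragment (hostnames and paths are made up).
SAMPLE_CONF = '''
<VirtualHost 192.0.2.10>
    ServerName alpha.example
    php_admin_value open_basedir "/home/alpha:/tmp"
    php_admin_value safe_mode 1
    php_value register_globals 0
</VirtualHost>
<VirtualHost 192.0.2.10>
    ServerName beta.example
    php_admin_value open_basedir "/home/beta:/tmp"
    php_value register_globals 1
</VirtualHost>
<VirtualHost 192.0.2.10>
    ServerName gamma.example
    # php_admin_value open_basedir "/home/gamma:/tmp"
</VirtualHost>
'''

VHOST_RE = re.compile(r'<VirtualHost\b[^>]*>(.*?)</VirtualHost>', re.I | re.S)
PHP_RE = re.compile(r'^\s*php_(?:admin_)?(?:value|flag)\s+(\S+)\s+(.+?)\s*$', re.I | re.M)
NAME_RE = re.compile(r'^\s*ServerName\s+(\S+)', re.I | re.M)
ON = {'1', 'on', 'true', 'yes'}

def audit(conf_text):
    """Return {ServerName: [findings]} for every <VirtualHost> block."""
    report = {}
    for body in VHOST_RE.findall(conf_text):
        m = NAME_RE.search(body)
        name = m.group(1) if m else '(no ServerName)'
        # Commented-out lines never match PHP_RE; a repeated directive keeps its last value.
        php = {k.lower(): v.strip('"\'') for k, v in PHP_RE.findall(body)}
        findings = []
        if not php.get('open_basedir'):
            findings.append('open_basedir not set')
        if php.get('safe_mode', '0').lower() not in ON:  # assumption: absent means off
            findings.append('safe_mode off')
        if php.get('register_globals', '').lower() in ON:
            findings.append('register_globals on')
        report[name] = findings
    return report

if __name__ == '__main__':
    for host, findings in audit(SAMPLE_CONF).items():
        print(host, '->', ', '.join(findings) or 'ok')
```

To check a real server, pass the contents of its httpd.conf to `audit()` instead of `SAMPLE_CONF`.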
     