diff options
| author | James E. Flemer <jflemer@php.net> | 2001-07-13 18:21:21 +0000 |
|---|---|---|
| committer | James E. Flemer <jflemer@php.net> | 2001-07-13 18:21:21 +0000 |
| commit | 771e3e498fad6adcdc63d03ab97d4ff1f93a3987 (patch) | |
| tree | 7cc1ecaa721adb2f927d947d5b61dae10760a42d /php.ini-recommended | |
| parent | b9325a36a8df9619e4485b166516cff1e9193406 (diff) | |
| download | php-git-771e3e498fad6adcdc63d03ab97d4ff1f93a3987.tar.gz | |
o Fixed Bug #12121: chdir and safe_mode
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119: safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
Diffstat (limited to 'php.ini-recommended')
| -rw-r--r-- | php.ini-recommended | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/php.ini-recommended b/php.ini-recommended index e20205c057..e9698521b7 100644 --- a/php.ini-recommended +++ b/php.ini-recommended @@ -84,7 +84,12 @@ safe_mode = Off safe_mode_gid = Off ; By default, Safe Mode does a UID compare ; check when opening files. If you want to ; relax this to a GID compare, then turn on - ; safe_mode_gid. + ; safe_mode_gid. (safe_mode must be On) +safe_mode_include_dir = ; When safe_mode is on, UID/GID checks are + ; bypassed when including files from this + ; directory and its subdirectories. (directory + ; must also be in include_path or full path + ; must be used when including) safe_mode_exec_dir = safe_mode_allowed_env_vars = PHP_ ; Setting certain environment variables ; may be a potential security breach. @@ -532,4 +537,4 @@ sockets.use_system_read = Off ; Use the system read() function instead of ; Local Variables: ; tab-width: 4 -; End:
\ No newline at end of file +; End: |