Bug#323585: acknowledged by developer (Re: [php-maint] Bug#323585:
libapache2-mod-php4 - open_basedir bug - security)
thorben
thorben at gawab.com
Wed Aug 17 14:24:08 UTC 2005
sry for bothering you again, but why is it closed?
the "yes I used it,..." from further mail meant that i used the
tailing "/" as described by the php manual and you (sry for
misunderstandings)
my configuration is:
<virtualhost...>
...
php_admin_value open_basedir /var/www/user1/
...
</virtualhost>
greets
thorben
> This is an automatic notification regarding your Bug report
> #323585: libapache2-mod-php4 - open_basedir bug - security,
> which was filed against the libapache2-mod-php4 package.
> It has been closed by one of the developers, namely
> Adam Conrad <adconrad at 0c3.net>.
> Their explanation is attached below. If this explanation is
> unsatisfactory and you have not received a better one in a separate
> message then please contact the developer, by replying to this email.
> Debian bug tracking system administrator
> (administrator, Debian Bugs database)
> Received: (at 323585-done) by bugs.debian.org; 17 Aug 2005 13:44:59 +0000
> From adconrad at 0c3.net Wed Aug 17 06:44:59 2005
> Return-path: <adconrad at 0c3.net>
> Received: from loki.0c3.net [69.0.240.48]
> by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
> id 1E5ODz-0005Am-00; Wed, 17 Aug 2005 06:44:59 -0700
> Received: from [203.49.196.168] (helo=[10.0.0.4])
> by loki.0c3.net with esmtp (Exim 4.34)
> id 1E5ODO-0005qC-OC; Wed, 17 Aug 2005 07:44:23 -0600
> Message-ID: <43033F2E.1080002 at 0c3.net>
> Date: Wed, 17 Aug 2005 23:44:14 +1000
> From: Adam Conrad <adconrad at 0c3.net>
> User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050809)
> X-Accept-Language: en-us, en
> MIME-Version: 1.0
> To: thorben <thorben at gawab.com>, 323585-done at bugs.debian.org
> Subject: Re: [php-maint] Bug#323585: libapache2-mod-php4 - open_basedir bug
> - security
> References: <1123638061.20050817141509 at gawab.com>
> In-Reply-To: <1123638061.20050817141509 at gawab.com>
> X-Enigmail-Version: 0.92.0.0
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
> Delivered-To: 323585-done at bugs.debian.org
> X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
> (1.212-2003-09-23-exp) on spohr.debian.org
> X-Spam-Level:
> X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
> autolearn=no version=2.60-bugs.debian.org_2005_01_02
> thorben wrote:
>>
>> if somebody has a directory structure like this:
>> /srv/user1
>> /srv/user2
>> .
>> .
>> .
>> /srv/user10
>> /srv/user11
>>
>> user1 can access the files of user10 and user12 vi PHP although
>> open_basedir is set
> Are you using a trailing slash on your open_basedir directives? From
> the PHP manual:
>> The restriction specified with open_basedir is actually a prefix, not
>> a directory name. This means that "open_basedir = /dir/incl" also
>> allows access to "/dir/include" and "/dir/incls" if they exist. When
>> you want to restrict access to only the specified directory, end with
>> a slash. For example: "open_basedir = /dir/incl/"
> ... Adam
More information about the pkg-php-maint
mailing list