Hi anonymous admin, we do not consider open_basedir bugs as critical, so this will probably not be fixed in stable. Are you able to test if this also applies to version in unstable (in chroot, or kvm)?
Ondrej On Sun, Dec 27, 2009 at 22:12, The Mighty System Admin <w...@box.cz> wrote: > Package: php5-mysql > Version: 5.2.6.dfsg.1-1+lenny3 > Severity: normal > > mysql extension for php5 package bypasses open_basedir restrictions > due to the way libmysqlclient package is compiled. > > Forcing the "--enable-local-infile" flag during compilation of > libmysqlclient package causes the built-in protection in php5's > mysql extension to malfunction allowing anyone to read files outside > open_basedir. > > >From the limited research I did, there's no way to make this > protection work properly unless the aforementioned compile flag > is turned off. > > -- System Information: > Debian Release: 5.0.3 > APT prefers stable > APT policy: (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores) > Locale: LANG=en_US, LC_CTYPE=cs_CZ (charmap=ISO-8859-2) > Shell: /bin/sh linked to /bin/bash > > > > _______________________________________________ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint > -- Ondřej Surý <ond...@sury.org> http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
