Edit report at https://bugs.php.net/bug.php?id=48796&edit=1
ID: 48796 Comment by: php at cabillot dot eu Reported by: alessandro dot corbelli at guest dot net Summary: Include exec_dir patch in main tree Status: Open Type: Feature/Change Request Package: Feature/Change Request Operating System: Linux PHP Version: 5.3.0 Block user comment: N Private report: N New Comment: To the php team : what do you think about this feature ? Now that safe_mode is disabled, how hosting companies can protect consumers from themselves ? Previous Comments: ------------------------------------------------------------------------ [2012-02-25 16:12:34] herwin at snt dot utwente dot nl Any chance that this will be incorporated in the php core? ------------------------------------------------------------------------ [2009-07-04 07:37:17] alessandro dot corbelli at guest dot net Description: ------------ Please include the exec_dir patch that can be found here: http://kyberdigi.cz/projects/execdir/english.html I think that should be included in the main php's tree because it's a very important security features. With safe_mode being deprecated, there is no other safe & easy way to limit program execution and some people (like us) can't disable the whole exec family. For example, imagemagick need to be executed with exec and in a shared hosting imagemagick is a must. Please include that patch or convert your safe_mode_exec_dir to works even with safe_mode off. You have open_basedir, please add an exec_basedir. Thank you. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=48796&edit=1
