[php-maint] Bug#323585: libapache2-mod-php4 - open_basedir bug -
security
thorben
thorben at gawab.com
Wed Aug 17 12:15:09 UTC 2005
Package: libapache2-mod-php4
Version: 4.3.10-15
same bug like described in version 5.0.4
http://bugs.php.net/bug.php?id=32937
if somebody has a directory structure like this:
/srv/user1
/srv/user2
.
.
.
/srv/user10
/srv/user11
user1 can access the files of user10 and user12 vi PHP although
open_basedir is set
I talked to a PHP developer, for him it is fixed.
I am using debian sarge with no other patches / backports etc.
this bug is possibly in all php versions, I also found it in 4.4.0 on
gentoo linux
greetings
thorben
More information about the pkg-php-maint
mailing list