[Webapps-common-discuss] open_basedir and /usr/share/php

Jan Wagner waja at cyconet.org
Sat Jun 16 14:29:47 UTC 2007


Hi there,

I'm maintaining ipplan[1] and am hit by CVE-2007-3215[2]. I'm thinking about 
using libphp-phpmailer[3] directly, which is located in /usr/share/php.
Referring to the PHP Policy Draft[4], this should be inside the default include 
path. Using open_basedir, it's necessary to include all directories inside 
the include path, isn't it? 
So it should be fine, if I leave a hint anywhere, that /usr/share/php should 
be in open_basedir (like libphp-phpmailer too).

Thanks for your recommendations, Jan.

P.S. I'm not subscribed to webapps-common-discuss, so please cc me.
[1] http://packages.qa.debian.org/ipplan
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215
[3] http://packages.qa.debian.org/libphp-phpmailer
[4] http://webapps-common.alioth.debian.org/draft-php/html/ch-php-int.html#s-php-interpreter-fs-include
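Added example, not part of the original message: a small offline check that lists the include_path directories an open_basedir value does not cover, so a missing /usr/share/php entry shows up before includes start failing. The function names and the sample settings are constructed for illustration, and the check assumes each open_basedir entry is treated as a directory (component-wise match), which is stricter than a plain string-prefix comparison.

```python
import posixpath


def split_paths(value):
    """Split a PHP path list (include_path or open_basedir) on ':' and drop empty items."""
    return [p.strip() for p in value.split(":") if p.strip()]


def covered(directory, basedirs):
    """True if `directory` is one of `basedirs` or lies below one of them.

    Assumption: entries are compared per path component, so an entry of
    /usr/share/php5 does NOT cover /usr/share/php. A relative entry such as
    "." depends on the working directory and never covers an absolute path here.
    """
    d = posixpath.normpath(directory)
    for base in basedirs:
        b = posixpath.normpath(base)
        if b == "/" or d == b or d.startswith(b + "/"):
            return True
    return False


def uncovered_include_dirs(include_path, open_basedir):
    """Return the include_path directories that open_basedir would block.

    An empty open_basedir means no restriction, so nothing is reported.
    "." in include_path is skipped because it cannot be resolved offline.
    """
    if not open_basedir.strip():
        return []
    bases = split_paths(open_basedir)
    return [d for d in split_paths(include_path)
            if d != "." and not covered(d, bases)]


if __name__ == "__main__":
    # Constructed sample settings for a packaged web application.
    include_path = ".:/usr/share/php:/usr/share/pear"
    before = "/usr/share/ipplan:/var/lib/ipplan:/tmp"
    after = before + ":/usr/share/php"
    for label, basedir in (("before", before), ("after", after)):
        missing = uncovered_include_dirs(include_path, basedir)
        print(label, "-> not covered by open_basedir:", missing or "none")
```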