[TYPO3-debian] safe_mode woes
Michiel Roos
michiel at netcreators.com
Wed Nov 21 09:35:46 CET 2007
thoralf wrote:
> hi christian,
>
> thank you for your answer ...
>
> On Wed, 07 Nov 2007 17:05:29 +0100, Christian Welzel <gawain at camlann.de>
> wrote:
>
>>> can't get font rendering working - the test provided by the install
>>> script is constantly failing. otoh, all works well when turning off
>>
>> The functions to scale the images in the install tool are done with
>> imagemagick or graphicsmagick. Make sure, the binary is located in a
>> directory that is listed in the allowed locations. A symlink is ok too.
>
> scaling and all other image manipulation do work correctly even in safe
> mode ... iirc (i'm not sitting on the box in question right now), i
> symlinked the imagemagick executables (convert, composite et al.) from a
> safe_mode_exec_dir-directory. that worked, albeit i still had to chown
> the executables to www-data:www-data (not sure if this was a good idea ...)
No,
Just to scare you . . . ;-)
This was not a good idea. This translates into:
Any code that can be gotten to run under apache may
mangle/replace/delete/modify/pimp the imagemagick executables now.
You made a nice 'potential for a hole' on your server.
Be carefull with chowning.
Kind regards,
Michiel Roos
--
Netcreators BV :: creation and innovation
www.netcreators.com
Interesse in werken bij Netcreators?
http://www.netcreators.com/bedrijf/vacatures/
More information about the TYPO3-debian
mailing list