[TYPO3-core] RFC: Treat symlinks as executable
Michael Stucki
michael at typo3.org
Fri Nov 17 19:38:34 CET 2006
Hi Ernesto,
>> Problem:
>> There are various places where programs are checked for being executable.
>> However, this does not work if the program is just a symlink.
>
> Have you tested it? To test your patch I made my /usr/sbin/sendmail a
> symlink to /usr/sbin/sendmail-orig. I was curious because the Install
> tool already found it without your patch.
Of course I have tested the first version, otherwise I wouldn't have found
the problem...
But after I made this change
$exec = $path . $cmd;
is_executable(@is_link($exec) ? readlink($exec) : $exec))
... I didn't test again if it still works. You are right, it wouldn't work,
since readlink() returns a path outside of the open_basedir, which rises
the same problem again which I had in the beginning.
So the solution is either to allow my 1st proposal (do not resolve symlinks,
just allow all of them) which was not accepted here, or alternatively add
the binary path to the open_basedir setting (which is what I'm going to do
now...)
Patch closed, no changes made.
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list