[TYPO3-core] REMINDER RFC #8130: Bug: addService() working with open_basedir and symlink
Dmitry Dulepov
dmitry at typo3.org
Fri Oct 17 11:07:22 CEST 2008
Hi!
Xavier Perseguers wrote:
> I don't think so, the problem still remains as is_executable does not
> stick to the given directory:
>
> $ ls -l /var/www/typo3-exec
> lrwxrwxrwx 1 root root 16 2007-09-04 08:47 convert -> /usr/bin/convert
>
> With open_basedir listing /var/www/typo3-exec, the different exec
> functions of PHP let you use /var/www/typo3-exec/convert happily but if
> you try to check whether you may run the command, namely using
> is_executable, then the symbolic link is first resolved to
> /usr/bin/convert, then a warning is thrown that open_basedir
> restrictions are activated and that /usr/bin is not within the allowed
> path(s) and finally is_executable returns FALSE!
That's right. But in this case do not use a symlink, use hard link or a copy.
--
Dmitry Dulepov
TYPO3 Core team
My TYPO3 book: http://www.packtpub.com/typo3-extension-development/book
In the blog: http://typo3bloke.net/post-details/iphone_as_productivity_tool/
More information about the TYPO3-team-core
mailing list