[TYPO3-core] REMINDER RFC #8130: Bug: addService() working with open_basedir and symlink

[Dmitry Dulepov]

Hi!

Xavier Perseguers wrote:
> I'm forced to use a copy because my /var/www is in fact a mounted 
> partition and hard links to not work across devices. But this is more 
> work when an update comes.
> 
> Now another problem is that my hardening configuration (yes I'm a bit 
> paranoïd but that is why I'm able to give such hints :D) does not allow 
> me to execute programs on the /var/www subdirectory (mount option 
> "noexec" in /etc/fstab. This prevents scripts to be uploaded for 
> instance to /tmp (or typo3temp in case of TYPO3) and be executed 
> whenever someone would find a way to do this.
> Please note that I do not fear uncommon or nearly impossible attacks 
> because I had the problem a few years ago on a server that was 
> absolutely not "on the forecast". This is a real issue.

You are not paranoid, you are a very responsible person, which is a good thing in my eyes :)

But adding every application to the open_basedir looks wrong to me :( I do not really want convert or unzip be there :(


-- 
Dmitry Dulepov
TYPO3 Core team
My TYPO3 book: http://www.packtpub.com/typo3-extension-development/book
In the blog: http://typo3bloke.net/post-details/iphone_as_productivity_tool/