|
|
Posted by Malachi on 03/22/06 07:32
Ken Williams wrote:
> Is this right? I've set open_basedir to /usr/apache/httpd/website or
> whatever, something thats not /usr/bin yet the following still works:
>
> $output = `/usr/bin/cat /proc/loadavg`;
>
> Is this correct? If open_basedir is in effect is /usr/bin/cat still
> support to be executable in this way? It does work (/usr/bin/cat is
> restricted) for fopen.
>
> Thanks.
I'm not sure I understand you entirely, but putting stuff in ``'s is
pretty much the same as typing that into a 'nix shell (assuming it's on
a 'nix platform, dunno what happens otherwise...) and returning the
stout (and as you have it there, sticking it into $output). Since you
describe the absolute paths to all executables and files in the bit that
gets passed to a shell, $output should not change no matter what
open_basedir is.
I hope this helps...
-mala
Navigation:
[Reply to this message]
|