Am Di, den 05.07.2005 schrieb FC um 12:36:
> A little addon
> part of the script (phpfm) doing it ..
> -----------------------------------------------
> if (!isset($dir_atual)){
> $dir_atual = $path_info["dirname"]."/";
> if (!$islinux) $dir_atual = ucfirst($dir_atual);
> @chmod($dir_atual,0777);
> } else $dir_atual = formatpath($dir_atual);
> $is_reachable = (stristr($dir_atual,$doc_root)!==false);
> -------------------------------------------------
>
> Question is .. Why does the system allow it ??
Because you misconfigure it to allow it. Why do you set
chown apache:apache /var/www/html
or any other directory inside the DocumentRoot toi be that?
If the phpfm tool does need such permissions I feel it is broken by
design and a security flaw by its own. Not an Apache (apr) problem.
My 2¢
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 12:39:20 up 9 days, 19:31, load average: 0.18, 0.19, 0.22
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
