Alexander Dalloz wrote:
On Tue, 05.07.2005 at 12:36, FC wrote:
A little addon
part of the script (phpfm) doing it ..
-----------------------------------------------
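// No directory requested: fall back to the script's own directory
if (!isset($dir_atual)){
    $dir_atual = $path_info["dirname"]."/";
    if (!$islinux) $dir_atual = ucfirst($dir_atual);
    // Makes that directory world-writable; @ suppresses any error
    @chmod($dir_atual,0777);
} else $dir_atual = formatpath($dir_atual);
// True when the DocumentRoot path occurs in $dir_atual (case-insensitive)
$is_reachable = (stristr($dir_atual,$doc_root)!==false);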
-------------------------------------------------
Question is .. Why does the system allow it ??
Because you misconfigure it to allow it. Why do you set
chown apache:apache /var/www/html
or any other directory inside the DocumentRoot to be that?
If the phpfm tool does need such permissions I feel it is broken by
design and a security flaw on its own. Not an Apache (apr) problem.
My 2¢
Alexander
"chown apache:apache /var/www/html" Was just to test the behaviour
I am using many virtualhosts on a diff partition and each dir is owned by a different user
so mentioned the apache.apache for testing purpose :)
I just had a user installing phpfm on his vhost and he had troubles ..
that's how I found out about this .. suphp won't allow world writeable docroots. reason why he had problems :)
-Philip
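
The two conditions this thread turns on, a world-writable directory (what phpfm's `chmod 0777` produces) and DocumentRoot content owned by the web server account (what `chown apache:apache` produces), can be audited from a shell. The script below is an added example, not part of the original messages; it assumes GNU find (for `-printf`), and the function name `audit_docroot` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find (-printf).
# Usage: sh audit_docroot.sh /var/www/html apache
# Output: reason<TAB>octal-mode<TAB>owner<TAB>path, one finding per line.
# Returns 0 = clean, 1 = findings, 2 = bad docroot argument.

audit_docroot() {
    docroot=$1
    webuser=$2

    if [ ! -d "$docroot" ]; then
        echo "audit_docroot: not a directory: $docroot" >&2
        return 2
    fi

    findings=$(
        # Anything with the "other" write bit set, e.g. after chmod 0777.
        # Symlinks are skipped because their own mode bits are not enforced.
        find "$docroot" ! -type l -perm -0002 \
            -printf 'world-writable\t%m\t%u\t%p\n'

        # Anything the web server account owns, e.g. after chown apache:apache.
        # find aborts on an unknown user name, so check that it resolves first.
        if id "$webuser" >/dev/null 2>&1; then
            find "$docroot" ! -type l -user "$webuser" \
                -printf 'owned-by-webuser\t%m\t%u\t%p\n'
        else
            echo "audit_docroot: unknown user '$webuser', ownership check skipped" >&2
        fi
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```

Run per virtual host, it lists the directories that suPHP would refuse because they are world-writable, and any files the web server account itself could rewrite.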