Ticket #59 (closed defect: fixed)
eaccelerator_dasm_file should check for open-basedir restriction
| Reported by: | Stadler | Owned by: | somebody |
|---|---|---|---|
| Priority: | trivial | Milestone: | 0.9.5 |
| Component: | eAccelerator | Version: | 0.9.5 |
| Keywords: | Cc: |
Description
eaccelerator_dasm_file doesn't check for the open-basedir restriction. This could be a security issue, because users could possibly see the contents of files they shouldn't be able to view or even access. For example they could find out passwords of config-files just by looking at the opcodes.
I consider this trivial, since the disassembler is disabled by default and since it requires the permission to use eaccelerator_dasm_file, which should normally only be granted to site admins.
I guess, the check should be placed in ea_dasm.c above line #558. The fix seems to be quite simple. Maybe I'll add a patch to it myself if I find the time for it.
Attachments
-
ea_dasm.c-open_basedir.patch
(440 bytes) -
added by Stadler 4 years ago.
Change History
comment:1 Changed 4 years ago by Stadler
Ok, the attached patch should fix this.
mmh, maybe this should be added to get_cache_entry instead?
comment:2 Changed 4 years ago by bart
- Status changed from new to closed
- Resolution set to fixed
It's good like it is. I've just commited this path. Thanks!
comment:3 Changed 12 months ago by getagoodbuy
comment:5 Changed 6 months ago by sim
decoration Changed 1 year ago by admin
bathtub Changed 1 year ago by admin
solar system Changed 1 year ago by admin
stair parts Changed 1 year ago by admin
solar supply Changed 1 year ago by admin
