Bug 31669 - configfile in /etc/phpmyadmin breaks with open_basedir
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High minor
Assignee: Tom Payne (RETIRED)
Reported: 2003-10-21 06:30 UTC by Dave Liefbroer
Modified: 2003-12-04 05:16 UTC

Description Dave Liefbroer 2003-10-21 06:30:02 UTC
When using an open_basedir restriction for php, which is advisable for 
security, having the config file outside the webroot is not working. Perhaps 
it would be better to reverse the symlink, where the original stays in the 
phpmyadmin dir and /etc/phpmyadmin/config.inc.php is a symlink to that file.

Reproducible: Always
Steps to Reproduce:
1. Not necessary, I assume
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2003-10-21 11:51:22 UTC
no it wouldn't.
the config is in /etc/phpmyadmin for the exact reason that we want it under
CONFIG_PROTECT.

open_basedir is some very hollow security anyway.
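<?php
    // Filesystem function: checked against open_basedir.
    $foo = file("/somepath/test");
    print_r($foo);
    // Backtick operator: runs a shell command, outside open_basedir's checks.
    $bar = `cat /somepath/test`;
    print_r($bar);
?>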

open_basedir will block the first one, but not the second.
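
Comment 1's point turned into a configuration check (an added example, not code from this bug thread or from Gentoo): it reads php.ini-style text and reports when open_basedir is set while process-spawning functions are still enabled. The names `parse_ini` and `audit` and both sample configurations are constructed for illustration; per-vhost overrides are not considered.

```python
# Added example: flag php.ini settings where open_basedir is set but PHP can
# still start shell commands. Sample configs below are constructed.

# Process-spawning functions; disabling shell_exec also disables backticks.
SHELL_FUNCS = {"exec", "shell_exec", "system", "passthru", "popen", "proc_open"}

def parse_ini(text):
    """Return the last value assigned to each directive in php.ini-style text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # blank line, comment, or section header
        key, value = (part.strip() for part in line.split("=", 1))
        if value[:1] in ('"', "'"):
            value = value[1:].split(value[0], 1)[0]   # quoted: keep text inside quotes
        else:
            value = value.split(";", 1)[0].strip()    # unquoted: drop trailing comment
        settings[key] = value
    return settings

def audit(text):
    """Report whether open_basedir is set while shell functions remain enabled."""
    ini = parse_ini(text)
    basedir = ini.get("open_basedir", "")
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    enabled = sorted(SHELL_FUNCS - disabled)
    return {"open_basedir": basedir,
            "shell_functions_enabled": enabled,
            "shell_gap": bool(basedir) and bool(enabled)}

WEAK = """\
[PHP]
; constructed sample: file functions confined, shell left open
open_basedir = /var/www/localhost/htdocs:/tmp
disable_functions =
"""

HARDENED = """\
[PHP]
open_basedir = "/var/www/localhost/htdocs:/tmp"
disable_functions = exec,shell_exec,system,passthru,popen,proc_open ; covers backticks
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```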
Comment 2 Tom Payne (RETIRED) gentoo-dev 2003-10-31 05:30:45 UTC
I'm open to suggestions on this. If there's a good way to reconcile open_basedir
with CONFIG_PROTECT then tell me! Otherwise, in two weeks I'll close this
bug as WONTFIX.
Comment 3 Tom Payne (RETIRED) gentoo-dev 2003-12-04 05:16:42 UTC
Closing as WONTFIX due to lack of feedback