Bug 31669

Summary:	configfile in /etc/phpmyadmin breaks with open_basedir
Product:	Gentoo Linux	Reporter:	Dave Liefbroer <dave>
Component:	New packages	Assignee:	Tom Payne (RETIRED) <twp>
Status:	RESOLVED WONTFIX
Severity:	minor	CC:	web-apps
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Dave Liefbroer 2003-10-21 06:30:02 UTC

When using an open_basedir restriction for php, which is advisable for 
securety, having the config file outside the webroot is not working. Perhaps 
it would be better to reverse the symlink, where the original stays in the 
phpmyadmin dir and /etc/phpmyadmin/config.inc.php is a symlink to that file.

Reproducible: Always
Steps to Reproduce:
1.Not neccesary i assume
2.
3.

Comment 1 Robin Johnson archtester

2003-10-21 11:51:22 UTC

no it wouldn't.
the config is in /etc/phpmyadmin for the exact reason that we want it under
CONFIG_PROTECT.

open_basedir is some very hollow security anyway.
?php
    $foo = file("/somepath/test");
    print_r($foo);
    $bar = `cat /somepath/test`;
    print_r($bar);
?

open_basedir will block the first one, but not the second.

Comment 2 Tom Payne (RETIRED) gentoo-dev

2003-10-31 05:30:45 UTC

I'm open to suggestions on this. If there's a good way to reconcile open_basedir
with CONFIG_PROTECT then tell me! Otherwise, in a two weeks I'll close this
bug as WONTFIX.

Comment 3 Tom Payne (RETIRED) gentoo-dev

2003-12-04 05:16:42 UTC

Closing as WONTFIX due to lack of feedback