build secure_php

BestBoard

Hi,
It would be a nice idea to include the following PHP functions in the disable list:
proc_nice - allows the user to set the priority of his scripts.
ini_set - allows the user to override php.ini settings.
* posix_ (getpwnam, kill, setuid, setgid, seteuid, setegid, setsid, setpgid) - allow the user to get sensitive data (system users info), kill processes, change uid, change gid, etc.
apache_setenv - allows the user to override Apache environment settings.

* It would be better to just disable the whole extension: just compile PHP with --disable-posix

One more minor change: set expose_php to off. I know it doesn't really matter, but why share this information with anyone?
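An added example, not part of the post above and not DirectAdmin code: a small audit that reads the text of a php.ini and reports which of the functions named in the post are still absent from disable_functions, and whether expose_php is still on. The function list uses the spellings from the PHP manual, the sample php.ini is constructed, and the parser is a simplification that assumes no ';' appears inside a value.

```python
# Functions named in the post, spelled as in the PHP manual.
WANTED = [
    "proc_nice", "ini_set", "apache_setenv",
    "posix_getpwnam", "posix_kill", "posix_setuid", "posix_setgid",
    "posix_seteuid", "posix_setegid", "posix_setsid", "posix_setpgid",
]

# Values php.ini treats as boolean false.
FALSY = {"off", "0", "false", "no", "none", ""}

# Constructed sample, not taken from any real server.
SAMPLE = """\
; constructed sample php.ini
[PHP]
expose_php = On
disable_functions = exec,system,proc_nice,posix_kill , posix_setuid
"""


def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(text):
    """Return (functions still missing from disable_functions, expose_php on?)."""
    ini = parse_ini(text)
    entries = ini.get("disable_functions", "").split(",")
    disabled = {name.strip() for name in entries if name.strip()}
    missing = [name for name in WANTED if name not in disabled]
    # PHP's built-in default for expose_php is on, so an absent line counts as on.
    exposed = ini.get("expose_php", "1").lower() not in FALSY
    return missing, exposed


if __name__ == "__main__":
    missing, exposed = audit(SAMPLE)
    print("not yet disabled:", ", ".join(missing) or "none")
    print("expose_php:", "On (X-Powered-By header is sent)" if exposed else "Off")
```

The script only reads the ini text, so on a build compiled with --disable-posix it will still list the posix_ names as missing even though those functions no longer exist.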