hi,
Am Sonntag, den 12.12.2004, 17:42 -0800 schrieb Erik Hermansen:
Since the warnings appeared during 1.4beta3
setup, it makes
me think I might have some other problems down the road and might need to
remove the "open_basedir" restriction (don't want to).
>>shrug<<
i strongly recommend, that you change your apache(virtual) config like
this:
php_admin_flag engine on
php_admin_value open_basedir
"/home/httpd/userFoo/websites/domain.foo/htdocs:/home/httpd/userFoo/websites/domain.foo/tmp:."
php_admin_value
upload_tmp_dir /home/httpd/userFoo/websites/domain.foo/tmp
php_admin_value
session.save_path /home/httpd/userFoo/websites/domain.foo/tmp
After that, you're a bit safer :-), don't let write apache to /tmp
Ah, but both the stable and latest versions of mediawiki seem to need to
write to /tmp. Your advice is probably good, but I don't know how to
reconcile it with this.
Is the worry that an attacker would upload something to /tmp and execute it?
-Erik
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org