Uhm,
I like people who harden shared hosting environments but I do not understand how
restricting yourself should give you any pratical security advantage.
I'm not aware of any security concern involving php_uname(). Are you?
Having said I'm not a fan of [[security through obscurity]], but having said I love
the STFU operatoe, I would suggest to just allow that function instead of patching
MediaWiki with '@' there.
Cheers
On September 24, 2020 11:19:58 PM GMT+02:00, Jeffrey Walton <noloader(a)gmail.com>
wrote:
On Thu, Sep 24, 2020 at 5:17 PM Valerio Bozzolan via
MediaWiki-l
<mediawiki-l(a)lists.wikimedia.org> wrote:
Well,
In the meanwhile I would suggest to contact your hosting provider:
they should
remove the php_uname() function from the disabled_functions
directive.
That's us. We run a hardened installation:
https://github.com/weidai11/website/blob/master/apache-php/security.ini.
Jeff
--
E-mail sent from the "K-9 mail" app from F-Droid, installed in my LineageOS
device without proprietary Google apps. I'm delivering through my Postfix mailserver
installed in a Debian GNU/Linux.
Have fun with software freedom!
[[User:Valerio Bozzolan]]