PHP Open Basedir degrades Security (Bonus)

Some hosters use the open_basedir restriction because they think it makes hosting somewhat more secure. Normally it does not: a hoster who needs to enable it often shows that the system is not properly configured with respect to file access rights. A properly configured system would not need PHP to handle restrictions. And open_basedir can often be tricked because of flaws in the implementation; at least, such problems have been reported in the past.

Anyway, the funny thing is that a strong source of randomness, /dev/urandom, is often no longer available once those hosters configure the open_basedir restriction.

For example, software like WordPress with phpass simply no longer benefits from it if the hoster forgot to allow access to it.

In for the security or in for the obscurity?

via: #12148
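
A diagnostic for the situation described above, as an added example that is not code from this post, WordPress or phpass: it reads /dev/urandom through PHP's file functions, the route userland code such as phpass takes, first under the host's own configuration and then under two constructed open_basedir values. The function names and the temp-directory "docroot" are assumptions made for the demonstration.

```php
<?php
// Added example: checks whether PHP userland code can still reach
// /dev/urandom under the active open_basedir setting.

/** Read $count bytes from /dev/urandom via PHP's file API, or return null. */
function urandom_bytes(int $count): ?string
{
    $dev = '/dev/urandom';
    // Both calls pass through the open_basedir check. The @ hides the
    // "open_basedir restriction in effect" warning, so a blocked device
    // looks exactly like a missing one and callers silently fall back.
    if (!@is_readable($dev) || !($fh = @fopen($dev, 'rb'))) {
        return null;
    }
    $bytes = fread($fh, $count);
    fclose($fh);
    return ($bytes !== false && strlen($bytes) === $count) ? $bytes : null;
}

/** Print the active open_basedir value and whether the device is usable. */
function report(string $label): bool
{
    $basedir = (string) ini_get('open_basedir');
    $ok = urandom_bytes(16) !== null;
    printf("%-26s open_basedir=%s -> /dev/urandom %s\n",
        $label,
        $basedir === '' ? '(unset)' : $basedir,
        $ok ? 'readable' : 'BLOCKED');
    return $ok;
}

// 1. The configuration this script was started with.
report('as configured:');

// 2. Constructed values. open_basedir can only be tightened at runtime,
//    so the wider list is applied first and the narrower one second.
$docroot = sys_get_temp_dir(); // stand-in for a site's document root

ini_set('open_basedir', $docroot . PATH_SEPARATOR . '/dev/urandom');
report('docroot + /dev/urandom:');

ini_set('open_basedir', $docroot);
report('docroot only:');
```

Run it under the same SAPI and php.ini as the site itself, since the CLI often has no open_basedir set and would report the device as readable.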
