0004005: php.ini disable_functions does not work

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0004005

[Quercus]

major

always

04-20-10 00:31

12-10-12 14:34

Reporter

hm2k

View Status

public

Assigned To

nam

Priority

normal

Resolution

fixed

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

Product Version

Product Build

Summary

0004005: php.ini disable_functions does not work

Description

phpinfo() reports that my php.ini is .../WEB-INF/php.ini

I know the php.ini is being used as other options are being set.

But the following does not work:

disable_functions = "dl,highlight_file"

As I am unable to disable these functions (and others), it poses a security risk and as such this bug is considered of high importance.

Steps To Reproduce

Additional Information

Attached Files

Relationships

Notes
(0005236) dicr 05-11-11 15:24	I think this can be implemented by native java security managers. Please, search "quercus serurity manager". http://www.caucho.com/resin-3.0/security/securitymanager.xtp [^]

(0006111) nam 12-10-12 14:34	Fixed for 4.0.33. disable_functions need to be set in php.ini.

(0006112) nam 12-10-12 14:34	php/1004 php/1005 php/1006

Issue History
Date Modified	Username	Field	Change
04-20-10 00:31	hm2k	New Issue
05-11-11 15:24	dicr	Note Added: 0005236
12-10-12 14:33	nam	Status	new => assigned
12-10-12 14:33	nam	Assigned To	=> nam
12-10-12 14:34	nam	Status	assigned => closed
12-10-12 14:34	nam	Note Added: 0006111
12-10-12 14:34	nam	Resolution	open => fixed
12-10-12 14:34	nam	Status	closed => assigned
12-10-12 14:34	nam	Status	assigned => closed
12-10-12 14:34	nam	Note Added: 0006112

Mantis 1.0.0rc3[^]

34 total queries executed.
29 unique queries executed.