
I ran into a problem with this: "Can't open file in php if one of directories is a symlink"

The Suhosin documentation says this about suhosin.executor.allow_symlink:

This flag reactivates symlink() when open_basedir is used, which is disabled by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used is actually a security risk.

Why is it a security problem? What can happen if it's set to Off, or when I use the root directory in open_basedir?

jcubic

1 Answer


Symlinks make it trivial to 'break out' of the pseudo-chroot jail that a webserver's DocumentRoot imposes. With symlinks on, you can point at ANY file/directory on the server, and the webserver will happily follow the symlink, never knowing it's left the confines of the DocumentRoot. Consider what could happen if you had:

    ln -s /etc/shadow /www/docroot/index.html
    ln -s /etc/passwd /www/docroot/index2.html
Marc B
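
A defensive check for the situation the answer above describes, as an added example that is not part of the original answer: it lists symlinks under a document root whose resolved target lies outside that root. The function names and the sample tree are constructed for illustration, and the script assumes a `readlink` that supports `-f` and paths without newlines.

```shell
#!/bin/sh
# Added example (not from the original answer): report symlinks under a
# document root whose fully resolved target lies outside that root.
# Assumes a readlink that supports -f and paths without newlines.

find_escaping_symlinks() {
    # Canonicalise the root first so the comparison is between real paths.
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -type l | while IFS= read -r link; do
        # -f follows the whole chain, so a link to a link is still caught.
        target=$(readlink -f "$link" 2>/dev/null)
        case "$target" in
            "$root"|"$root"/*) ;;   # resolves inside the root: fine
            "") printf 'UNRESOLVED %s\n' "$link" ;;
            *)  printf 'ESCAPES %s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Constructed sample tree: one link leaving the docroot, one staying inside,
# and one that only leaves it through a second link.
build_sample_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/docroot/img" "$base/private"
    echo 'not for the web' > "$base/private/secret.txt"
    echo 'hello' > "$base/docroot/page.html"
    ln -s "$base/private/secret.txt" "$base/docroot/index.html"
    ln -s page.html "$base/docroot/alias.html"
    ln -s ../index.html "$base/docroot/img/logo.png"
    printf '%s\n' "$base"
}

sample=$(build_sample_tree)
find_escaping_symlinks "$sample/docroot"
rm -rf "$sample"
```

The prefix comparison is done on canonical paths, so a relative link such as `img/logo.png` that only leaves the root through a second link is reported as well.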