Calling the Pear Mail class in some instances automatically attempts to read /dev/urandom, however access is restricted due to an open_basedir setting. Is it safe to add /dev to open_basedir? Or is there a better way around this?
2 Answers
Do you trust everyone who will be writing PHP for your server? If not, then adding /dev to open_basedir is probably a bad idea.
As for why, the only reason I can think of for why random numbers would be needed is if you are trying to start an SSL connection with an SMTP server. Are you trying to use SSL?

Yes, the pear mail script is connecting to a secure SMTP server, so that's where the need for random numbers is coming from. I wonder if I should just remove the open_basedir restriction entirely, I am the only one using this server... – Jay Nov 08 '08 at 03:03
Empirical testing (in PHP 7.1.18) shows you can add /dev/urandom to open_basedir to allow access to only that ‘device’ (provided there is no trailing slash, i.e. not /dev/urandom/). More generally, you can allow access to specific files within a directory without allowing access to the directory itself, other files within it, or subdirectories.
I don't know if this (apparently undocumented) feature was present in PHP at the time the question was asked.

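A way to check on your own PHP build how each open_basedir value discussed above behaves, as an added example that is not part of the original answers. It assumes a Linux host, the PHP CLI, and that shell_exec is enabled; the probe targets /dev/null and the /dev listing are chosen here only for comparison.

```php
<?php
// Added example: compare what different open_basedir values expose under /dev.
// open_basedir can only be tightened at runtime, so each setting is tested
// in a fresh child PHP process started with "-d open_basedir=...".

// Code run inside each child: try to open two devices and list the directory.
$child = <<<'PHP'
$out = [];
foreach (['/dev/urandom', '/dev/null'] as $f) {
    $h = @fopen($f, 'rb');
    $out[$f] = ($h !== false);
    if ($h) { fclose($h); }
}
$out['/dev (listing)'] = (@scandir('/dev') !== false);
echo json_encode($out);
PHP;

// Run the probe code under the given open_basedir and return target => allowed?
function probe(string $openBasedir, string $child): array
{
    $cmd = sprintf(
        '%s -d open_basedir=%s -r %s',
        escapeshellarg(PHP_BINARY),
        escapeshellarg($openBasedir),
        escapeshellarg($child)
    );
    return json_decode((string) shell_exec($cmd), true) ?? [];
}

// Settings from the thread: the single file, the same path with a trailing
// slash, and the whole directory.
foreach (['/dev/urandom', '/dev/urandom/', '/dev'] as $setting) {
    printf("PHP %s, open_basedir=%s\n", PHP_VERSION, $setting);
    foreach (probe($setting, $child) as $target => $ok) {
        printf("  %-16s %s\n", $target, $ok ? 'allowed' : 'blocked');
    }
}
```

A setting is only as narrow as you want if /dev/urandom is the sole target reported as allowed; any other allowed entry shows what else PHP code on the server could reach under that value.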