LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Wed, 5 Jan 2000 12:25:11 +101800

php3 configuration and mutt/pgp configuration

Topic 1:  PHP3 configuration.

Concerning my earlier question about the PHP3 
configuration parameter safe_mode (or php3_safe_mode),
I've managed to establish that this _does_ work, but
not as I thought.
It seems that it prevents any PHP3 script from accessing
files outside a given directory tree.
This is a useful restriction, but not what I wanted.
This safe_mode also says that any file that I access must be
1.	writeable by the owner of the PHP3 script, and
2.	writeable by the uid of the apache web server.

I.e. the script must essentailly be owned by "nobody".
That's a bit of a nuisance.

What I really wanted was a way of restricting
PHP3 scripts to a given directory, in a similar manner to
the way CGI scripts can be restricted to a cgi-bin directory.
I'm surprised that this doesn't seem to be possible.

By the way, my apologies for an error of memory.
I believe it was actually Geoffrey who gave the talk.

Topic 2:  mutt/pgp configuration.

I've noticed that if you receive a signed e-mail with
mutt (incorporating pgp), and the e-mail contains a
public key, then that key is automatically added to
my key ring, whether I want it or not.

I've checked the mutt and PGP manuals, and can find
no way to turn this off.

People could really muck up my key ring by
sending me a whole heap of bogus keys.
I'm surprised that this "feature" is included.

Cheers,
Alan Kennington.