File: 0012-php.ini_securitynotes.patch

package info (click to toggle)

php5 5.6.33%2Bdfsg-0%2Bdeb8u1

links: PTS, VCS
area: main
in suites: jessie
size: 157,872 kB
sloc: ansic: 756,065; php: 22,030; sh: 12,311; cpp: 8,771; xml: 6,179; yacc: 1,564; exp: 1,514; makefile: 1,467; pascal: 1,147; awk: 538; perl: 315; sql: 22

file content (25 lines) | stat: -rw-r--r-- 909 bytes

From: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Date: Sat, 2 May 2015 10:26:52 +0200
Subject: php.ini_securitynotes

---
 php.ini-development | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/php.ini-development b/php.ini-development
index c8399c4..4e0d93d 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -295,6 +295,12 @@ serialize_precision = 17
 ; and below.  This directive makes most sense if used in a per-directory
 ; or per-virtualhost web server configuration file.
 ; http://php.net/open-basedir
+
+; NOTE: this is considered a "broken" security measure.
+;       Applications relying on this feature will not receive full
+;       support by the security team.  For more information please
+;       see /usr/share/doc/php5-common/README.Debian.security
+;
 ;open_basedir =
 
 ; This directive allows you to disable certain functions for security reasons.