Reputation: 2153
php: open_basedir and /dev/urandom
Calling the Pear Mail class in some instances automatically attempts to read /dev/urandom, however access is restricted due to an open_basedir setting. Is it safe to add /dev to open_basedir? Or is there a better way around this?
Upvotes: 2
Views: 2299
Answers (2)
Reputation: 1067
Empirical testing (in PHP 7.1.18) shows you can add /dev/urandom to open_basedir to allow access to only that ‘device’ (provided there is no trailing slash, i.e. not /dev/urandom/). More generally, you can allow access to specific files within a directory without allowing access to the directory itself, other files within it, or subdirectories.
I don't know if this (apparently undocumented) feature was present in PHP at the time the question was asked.
Upvotes: 1
Reputation: 25338
Do you trust everyone who will be writing PHP for your server? If not, then adding /dev to open_basedir is probably a bad idea.
As for why, the only reason I can think of for why random numbers would be needed is if you are trying to start an SSL connection with an SMTP server. Are you trying to use SSL?
Upvotes: 1
Related Questions
- PHP: Can't Set Open_basedir
- Can I access /dev/urandom with open_basedir in effect?
- PHP open_basedir with UNC path
- What should my open_basedir path be set as?
- PHP open_basedir
- PHP: open_basedir allowed path
- PHP open_basedir broken in Apache but works in PHP at runtime
- Can I use open_basedir or is it deprecated?
- What is the use of open_basedir in PHP and how does it work?
- open_basedir globally