• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved What speaks against including /dev/urandom in openbasedir settings?

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
How to set up php custom php settings for the domain

Why is /dev/urandom not included in openbasedir settings by default? I am trying to think of a vulnerability that this could open, but as it is a device and cannot be "deleted" or modified by PHP, why would that path not be in the openbasedir paths by default? Or am I wrong and PHP could tamper with /dev/urandom?
 
I think this is done because it's impossible to add everything to the open_basedir by default, so the customization ability was added :)
 
OK, I did several tests yesterday, too, with PHP scripts that tried to attack that location. Everything worked fine, no successfull attack possible, so i think it is o.k. to add it to the open_basedir path.
 
You must log in or register to reply here.

Similar threads

K
Resolved Setting up a subscription to get access to website files and email tools
Replies
7
Views
907
klmgraphics
K
A
Resolved WP Toolkit: Live site cloned, clones using plugins folder of original site
Replies
5
Views
1K
ArmReu
A
M
Issue Migration feedback - a bunch of comments
Replies
14
Views
6K
M_N
M
V
Question [panel.ini] Change php.ini Settings
Replies
1
Views
609
Peter Debik
P
H
Issue PHP-FPM - Service is not configured
Replies
2
Views
3K
Bitpalast
Bitpalast
Back
Top