• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved What speaks against including /dev/urandom in openbasedir settings?

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
How to set up php custom php settings for the domain

Why is /dev/urandom not included in openbasedir settings by default? I am trying to think of a vulnerability that this could open, but as it is a device and cannot be "deleted" or modified by PHP, why would that path not be in the openbasedir paths by default? Or am I wrong and PHP could tamper with /dev/urandom?
 
I think this is done because it's impossible to add everything to the open_basedir by default, so the customization ability was added :)
 
OK, I did several tests yesterday, too, with PHP scripts that tried to attack that location. Everything worked fine, no successfull attack possible, so i think it is o.k. to add it to the open_basedir path.
 
You must log in or register to reply here.

Similar threads

isotophe
Question Duplicate Roundcube installation / getting a second Roundcube to run
Replies
5
Views
2K
isotophe
isotophe
P
Question Drupal CMS 1.0 with Plesk: Composer PATH issue for automatic updates
Replies
7
Views
2K
horvan
H
G
Question Automatic redirecting to custom errorpages in PHP
Replies
2
Views
880
GuiltySpark
G
S
Issue Create new subdomain uses wrong directory
Replies
3
Views
821
SiegbertG
S
B
Question Reverse Proxy Setup: VPS + Mikrotik DDNS – Feeling Lost
Replies
1
Views
2K
iberium456
I
Back
Top