• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

Resolved What speaks against including /dev/urandom in openbasedir settings?

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
How to set up php custom php settings for the domain

Why is /dev/urandom not included in openbasedir settings by default? I am trying to think of a vulnerability that this could open, but as it is a device and cannot be "deleted" or modified by PHP, why would that path not be in the openbasedir paths by default? Or am I wrong and PHP could tamper with /dev/urandom?
 
I think this is done because it's impossible to add everything to the open_basedir by default, so the customization ability was added :)
 
OK, I did several tests yesterday, too, with PHP scripts that tried to attack that location. Everything worked fine, no successfull attack possible, so i think it is o.k. to add it to the open_basedir path.
 
You must log in or register to reply here.

Similar threads

T
Question How to clone multisite wordpress
Replies
5
Views
2K
therider62
T
isotophe
Question Duplicate Roundcube installation / getting a second Roundcube to run
Replies
5
Views
4K
isotophe
isotophe
P
Question Drupal CMS 1.0 with Plesk: Composer PATH issue for automatic updates
Replies
7
Views
4K
horvan
H
G
Question Automatic redirecting to custom errorpages in PHP
Replies
2
Views
2K
GuiltySpark
G
S
Issue Create new subdomain uses wrong directory
Replies
3
Views
2K
SiegbertG
S
Back
Top