When you’re writing a daemon, it is usually advisable to have it set its own working directory. That way, if you read from or write to any files via a relative path, they should be in the place you expect them to be. Always qualifying your paths is of course a good practice in and of itself, but so is defensive coding. The safest way to change your working directory is to use not only chdir(), but to use chroot() as well.
chroot() is available inside the PHP CLI and CGI versions and requires the program to be running as root. chroot() actually changes the root directory for the process to the specified directory. This makes it impossible to execute any files that do not lie within that directory. chroot() is often used by servers as a security device to ensure that it is impossible for malicious code to modify files outside a specific directory. Keep in mind that while chroot() prevents you from accessing any files outside your new directory, any currently open file resources can still be accessed. For example, the following code opens a logfile, calls chroot() to switch to a data directory, and can still successfully log to the open file resource:
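<?php
// Open the log while the real filesystem root is still visible.
$logfile = fopen("/var/log/chroot.log", "w");
// From here on, "/" refers to /Users/george for this process.
chroot("/Users/george");
// The already-open handle still writes to the file outside the chroot.
fputs($logfile, "Hello From Inside The Chroot\n");
?>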
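A process that is still root after chroot() can usually break back out of the new root, so a daemon normally drops privileges once it is confined. The following is an added example, not code from the original text, that extends the snippet above with that step and with error checking. The function name enter_jail and the "nobody" account are assumptions; the paths are the ones used above.

```php
<?php
// Added example: enter_jail() and the "nobody" account are hypothetical.
function enter_jail(string $jail, string $logPath, string $user)
{
    if (posix_geteuid() !== 0) {
        throw new RuntimeException("chroot() requires root");
    }
    // Resolve everything that needs files outside the jail *before* chroot():
    // the account lookup reads /etc/passwd, and the log lives in /var/log.
    $pw = posix_getpwnam($user);
    if ($pw === false) {
        throw new RuntimeException("unknown user: $user");
    }
    $log = fopen($logPath, "a");
    if ($log === false) {
        throw new RuntimeException("cannot open $logPath");
    }
    // Replace root's supplementary groups with the target account's.
    if (!posix_initgroups($pw['name'], $pw['gid'])) {
        throw new RuntimeException("initgroups failed");
    }
    // Confine the process, then make sure the working directory is inside.
    if (!chroot($jail) || !chdir("/")) {
        throw new RuntimeException("chroot to $jail failed");
    }
    // Drop privileges: group first, because after setuid() the process
    // is no longer allowed to change its group.
    if (!posix_setgid($pw['gid']) || !posix_setuid($pw['uid'])) {
        throw new RuntimeException("could not drop privileges");
    }
    // Verify the drop is permanent: regaining root must fail.
    if (@posix_setuid(0) || posix_geteuid() === 0) {
        throw new RuntimeException("still able to become root");
    }
    return $log;
}

$log = enter_jail("/Users/george", "/var/log/chroot.log", "nobody");
fputs($log, "Hello From Inside The Chroot\n");
```

The log handle returned here is exactly the kind of open resource described above: it stays writable after the chroot and the privilege drop, so keep the set of descriptors opened beforehand as small as possible.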
If chroot() is not acceptable for an application, you can call chdir() to set the working directory. This is useful, for instance, if the code needs to load code that can be located anywhere on the system. Note that chdir() provides no security to prevent opening of unauthorized files; it offers only symbolic protection against sloppy coding.