I have seen from other questions that I can set open_basedir to restrict access to parent folders. However, I decided to do a bit of experimenting to find out what I could do.
First test was to see if I could manually set open_basedir using the ini_set function. Thankfully, it appears that this function can set a more restrictive basedir, but it cannot be used to lessen the restriction. That's all good.
However my next test was somewhat disturbing:
ini_set("open_basedir","/path/to/desired/root/limited");
echo file_get_contents("/some/outsite/file.txt"); // error: basedir restriction
echo `cat /some/outside/file.txt`; // outputs the file
I can't seem to find any way to restrict shell access to stuff.
So I guess my real question is, what can I do to ensure that parent folders are safe? Clearly, open_basedir doesn't cut it.
