| Summary | pkcs12: not found |
| Queue | Horde Framework Packages |
| Queue Version | Git master |
| Type | Bug |
| State | Not A Bug |
| Priority | 1. Low |
| Owners | |
| Requester | software-horde (at) interfasys (dot) ch |
| Created | 07/07/2011 (5089 days ago) |
| Due | |
| Updated | 07/07/2011 (5089 days ago) |
| Assigned | |
| Resolved | 07/07/2011 (5089 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
take the time to read about how to use 'disable_functions' in PHP ;)
and Safe Mode". Apparently, disable_functions is in the "Core"
section. The PHP documentation is not all that great in this area.
the time to read about how to use 'disable_functions' in PHP ;)
NO way of disabling these functions.
dangerous function? suhosin is crap.
block dangerous php functions at the server level and it would just
be nice if the use of those special functions could be documented.
way of disabling these functions.
strings, so there shouldn't be any issues. I always thought this would
actually run commands, but it was just part of a 'global rule' that
used to include exec().
I still think it should be mentioned somewhere that s/mime needs
exec() and escapeshellcmd(), because after doing a quick search it
seems quite a few forums recommend people disable those, but maybe
this report is enough since it's public.
security. Disabling it is completely insane.
dangerous php functions at the server level and it would just be nice
if the use of those special functions could be documented.
State ⇒ Not A Bug
part of basic PHP. If people are running patched versions of PHP,
they are responsible for configuring correctly.
We already recommend that people disable suhosin because it is broken anyway.
prevent abuse. So it's not easy to workaround that when not using
php-fpm, but I don't think there is a way around using escapeshellcmd
to call openssl.
2011-07-07T19:17:13+01:00 WARN: HORDE [imp] PHP ERROR:
escapeshellcmd() has been disabled for security reasons [pid 78964
on line 1213 of "/usr/local/lib/php/Horde/Crypt/Smime.php"]
2011-07-07T19:17:13+01:00 WARN: HORDE [imp] PHP ERROR:
escapeshellcmd() has been disabled for security reasons [pid 78964 on
line 1213 of "/usr/local/lib/php/Horde/Crypt/Smime.php"]
So I have 2 suggestions:
1) Add something in the documentation that escapeshellcmd() is needed
if we plan on using S/MIME
2) PHP errors should raise Horde errors, not a warnings. I was only
able to see this message after I've changed the logging level
Priority ⇒ 1. Low
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Queue ⇒ Horde Framework Packages
Summary ⇒ pkcs12: not found
Type ⇒ Bug
This is the error in Apache logs:
pkcs12: not found