[development] Testing framework requires open_basedir to be disabled?

Leonard den Ottolander.nl drupal at den.ottolander.nl
Tue Jan 11 21:40:15 UTC 2011

Hello Scott,

On Tue, 2011-01-11 at 10:45 -0800, Scott Reynolds wrote:
> http://drupal.org/node/323110

Thanks for that pointer.

> Summary
> - Because cUrl needs it for its cookies.

No, the cookie issue can actually be fixed by setting CURLOPT_COOKIEJAR
to point somewhere inside the open_basedirs (as in curl -c).

IIUC the problem is that curl doesn't know about open_basedir
restrictions so PHP will disallow curl *any* access to the local file
system if open_basedir (or safemode) restrictions are in effect and curl

Still, removing open_basedir restrictions so curl can do it's thing
decreases system security. The current wording of that error in the
status page gives the impression that open_basedir is a bad thing which
it is not.

That error should be reworded so it points out that removing
open_basedir restrictions is actually a bad thing and needs only been
done when tests are actually being performed.


mount -t life -o ro /dev/dna /genetic/research

mount -t life -o ro /dev/dna /genetic/research

More information about the development mailing list