(working) open_basedir security for (addon) domains.
...they say it's a new feature, but I see it as a bug.
In the current state, the open_basedir tweak seems to be useless, as it is being set to the user's folder (/home/usersfolder/) and not to the DocumentRoot of the domain folder (/home/usersfolder/public_html).
This means that a script from /public_html can do anything with any file from the user's folder. With Addon Domains, the situation is even worse. If we have an addon domain like "http://www.othersite.com" which points to "/home/usersfolder/www_othersite", any script from "http://www.othersite.com" can navigate without any restriction to any file from the user's folder; it does not get limited to its DocumentRoot as it should.
Basically... for www.othersite.com addon domain, in httpd.conf we get this:
instead of this:
Please vote for this as it is a security concern.
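An added example, not part of the original post and not cPanel's own code: a Python audit that reads Apache VirtualHost blocks and reports every `php_admin_value open_basedir` entry that is a parent directory of that vhost's DocumentRoot. The sample configuration is constructed from the paths named in the post; the IP address and www.example.com are placeholders.

```python
import re
from pathlib import PurePosixPath

# Constructed sample (not real cPanel output): an addon domain whose
# open_basedir is the account home, and a vhost confined to its DocumentRoot.
SAMPLE_CONF = '''
<VirtualHost 192.0.2.10:80>
    ServerName www.othersite.com
    DocumentRoot /home/usersfolder/www_othersite
    php_admin_value open_basedir "/home/usersfolder:/usr/lib/php:/tmp"
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
    DocumentRoot /home/usersfolder/public_html
    php_admin_value open_basedir "/home/usersfolder/public_html/:/tmp"
</VirtualHost>
'''

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
SERVERNAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)
DOCROOT_RE = re.compile(r'^\s*DocumentRoot\s+"?([^"\s]+)"?', re.M | re.I)
BASEDIR_RE = re.compile(
    r'^\s*php_admin_value\s+open_basedir\s+"?([^"\s]+)"?', re.M | re.I)

def _first(rx, text):
    m = rx.search(text)
    return m.group(1) if m else None

def audit_open_basedir(conf_text):
    """Return (server_name, docroot, entry) for each open_basedir entry
    that is a parent directory of the vhost's DocumentRoot."""
    findings = []
    for block in VHOST_RE.findall(conf_text):
        name = _first(SERVERNAME_RE, block) or "(unnamed)"
        docroot = _first(DOCROOT_RE, block)
        basedir = _first(BASEDIR_RE, block)
        if not docroot or not basedir:
            continue  # nothing to compare in this vhost
        root = PurePosixPath(docroot)
        for entry in basedir.split(":"):
            # PurePosixPath drops a trailing slash, so "/x/" equals "/x"
            if PurePosixPath(entry) in root.parents:
                findings.append((name, docroot, entry))
    return findings

if __name__ == "__main__":
    for name, docroot, entry in audit_open_basedir(SAMPLE_CONF):
        print(f"{name}: open_basedir entry {entry} is above {docroot}")
```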