The low hanging fruit of PHP
July 31, 2008 – 9:55 am
Well, I’m very surprised; I would have expected to have been asked about this at least at some point over the last 4 years. We do not enable the PEAR library by default for any of our web hosting customers.
Surprised? Don’t be. With major security flaws like this one, is it surprising? Many of the base PEAR files are installed as root by default, so with a flaw like the one above, it’s not something we want anyone to have access to.
However, we’re currently evaluating all the various scripting languages we support, ensuring that they are all working properly, and so we found ourselves spending quite a bit of time at the http://pear.php.net/ website. It seems it’s quite a straightforward job to install PEAR on a shared server, so if any of our customers would like to start using the PEAR packages, we recommend trying the method described at the bottom of this page.
In the meantime we’re going to evaluate installing and setting up PEAR in this way, so if you want to save yourself the time of testing it, we’ll be doing it for you. I’ll post back here once we’ve completed the testing.
UPDATE: Finally got round to testing this, and yes, it does work: you can install PEAR using this method.