Unhappy with my open_basedir directive - alternatives?
I've been running an RC candidate of Gallery3 and am unhappy that I had to open up /usr/bin in the open_basedir setting for one of my sites that is using it. I really think this is a security concern, but what alternatives do we have?
It's really a matter of where Gallery3 looks for one of the graphics packs. I'm running Ubuntu 9.10, so I downloaded and installed it into /var/www/web1/usr/bin and tried to set that in open_basedir, but Gallery3 executes a 'which' command to find the package and finds it in /usr/bin -- I removed it from there, but it still won't look in /var/www/web1/usr/bin! (I think this is going to get resolved in the official release.)
Any ideas on alternatives? Are my concerns justified?