Is there a way to jail a user to its host root? At the moment anyone with c99 shell could look into config files of wordpress on other pages for example.

Like www.a123.com/c99.php -> www.b456.com/wp-config.php

Very bad. Any way to prohibit this? I know safemode could manage that but it is deprecated and declines usage of /tmp which is neccessary.

Thanks for help from the first.