Hi,

I am trying to enable PHP safe-mode with phpldapadmin on FreeBSD 7.1. OpenLDAP,
Apache and PLA are within a jail.
With mod_safe enabled (mode_safe on), the PLA login page is blank. When disabled
(off) it's ok.

I looked at your bugtrac and I saw that a patch has been provided for
safe_mode. I checked the PLA sources on my computer: they are up to date (my
version is 1.1.0.6).

Can somebody help me?

Here are some details.

LDAP stuff:

# pkg_info | grep ldap
openldap-client-2.3.43 Open source LDAP client implementation
openldap-server-2.3.43 Open source LDAP server implementation
php5-ldap-5.2.8_1   The ldap shared extension for php
phpldapadmin-1.1.0.6_1,1 A set of PHP-scripts to administer LDAP over the web

Apache & PHP:
# pkg_info | grep apache
apache-2.2.11_3     Version 2.2.x of Apache web server with prefork MPM
# pkg_info | grep php
php5-5.2.8          PHP Scripting Language
php5-gettext-5.2.8  The gettext shared extension for php
php5-ldap-5.2.8_1   The ldap shared extension for php
php5-openssl-5.2.8  The openssl shared extension for php
php5-session-5.2.8  The session shared extension for php
php5-xml-5.2.8      The xml shared extension for php
phpldapadmin-1.1.0.6_1,1 A set of PHP-scripts to administer LDAP over the web

# php -v
PHP 5.2.8 with Suhosin-Patch 0.9.6.3 (cli) (built: Feb 26 2009 11:31:25) 
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

php.ini (safe_mode section):

;
; Safe Mode
;
; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
; the PHP Safe Mode feature not be relied upon for security, since the
; issues Safe Mode tries to handle cannot properly be handled in PHP
; (primarily due to PHP's use of external libraries).  While many bugs
; in Safe Mode has been fixed it's very likely that more issues exist
; which allows a user to bypass Safe Mode restrictions.
; For increased security we always recommend to install the Suhosin
; extension.
;
safe_mode = On

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
safe_mode_include_dir =

; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
safe_mode_exec_dir =

; Setting certain environment variables may be a potential security breach.
; This directive contains a comma-delimited list of prefixes.  In Safe Mode,
; the user may only alter environment variables whose names begin with the
; prefixes supplied here.  By default, users will only be able to set
; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
;
; Note:  If this directive is empty, PHP will let the user modify ANY
; environment variable!
safe_mode_allowed_env_vars = PHP_

; This directive contains a comma-delimited list of environment variables that
; the end user won't be able to change using putenv().  These variables will be
; protected even if safe_mode_allowed_env_vars is set to allow to change them.
safe_mode_protected_env_vars = LD_LIBRARY_PATH

; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
;open_basedir =

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions =

And my virtual host:

<Virtualhost *:443>

        <IfModule mod_php5.c>
                AddType application/x-httpd-php .php .phtml .php3
                AddType application/x-httpd-php-source .phps
                DirectoryIndex index.php
        </IfModule>

        ServerName tracldap.univ-orleans.fr
        ErrorLog /var/log/httpd-error-www-tracldap-ssl.log
        CustomLog /var/log/httpd-access-www-tracldap-ssl.log combined
        DocumentRoot /usr/local/www/phpldapadmin/htdocs

        SSLEngine On

        SSLCertificateFile /usr/local/etc/apache22/ssl/tracldap/server.crt
        SSLCertificateKeyFile /usr/local/etc/apache22/ssl/tracldap/server.key

        <Location />
                Options none
                Order Deny,Allow
                Deny from all
                Allow from XXXXXXXXXX
        </Location>
</Virtualhost>

Regards,
-- 
View this message in context: 
http://www.nabble.com/pla-and-safe_mode-tp22378032p22378032.html
Sent from the phpldapadmin-users mailing list archive at Nabble.com.
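
The UID compare that the php.ini comments in the message describe can be checked from the shell before turning safe_mode on. This is an added example, not part of the original message or of phpldapadmin; the function names are hypothetical and the paths in the usage comment are assumed from the DocumentRoot and DirectoryIndex in the virtual host.

```shell
#!/bin/sh
# Added example: emulate the Safe Mode UID compare described in the php.ini
# comments. Function names are hypothetical; paths are assumptions.

# Print the numeric owner UID of a path (works on FreeBSD and Linux).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# List regular files under $2 whose owner UID differs from $1, the UID that
# owns the script PHP is executing. With safe_mode = On and
# safe_mode_gid = Off, these are the files an include or fopen is refused on
# (files under safe_mode_include_dir are exempt, but it is empty here).
uid_mismatches() {
    find "$2" -type f ! -user "$1" -print
}

# Compare an entry script with the tree it reads from.
# Returns 0 when every file passes the UID compare, 1 otherwise.
check_tree() {
    script=$1
    tree=$2
    uid=$(owner_uid "$script")
    bad=$(uid_mismatches "$uid" "$tree")
    if [ -n "$bad" ]; then
        printf 'owner of %s is uid %s; files with a different owner:\n' \
            "$script" "$uid"
        printf '%s\n' "$bad"
        return 1
    fi
    printf 'all files under %s are owned by uid %s\n' "$tree" "$uid"
    return 0
}

# Usage (layout assumed from the virtual host in the message):
#   check_tree /usr/local/www/phpldapadmin/htdocs/index.php \
#              /usr/local/www/phpldapadmin
```

Files written at run time, such as session files, are subject to the same compare, so the session save path is worth passing as the tree as well.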

