> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Michael Stauber > Sent: Saturday, December 19, 2009 3:04 PM > To: BlueOnyx General Mailing List > Subject: [BlueOnyx:03139] Re: php error > > Hi Darrell, > > > > Say I had a production website at site4 and a development website at > > > site5, > > > and I wanted to enable safe_mode and safe_mode_gid so that I could > > > include a > > > file from site4 on site5. How do I avoid this: > > > > Bump???? > > You don't. At least you shouldn't. > > Or would you want that the PHP script of customer A can access the PHP > scripts of customer B? You see where this leads to. > > You cannot have safe mode on and then expect it to behave in such an > unsecure fashion. When safe mode is on, site4's PHP scripts cannot access > site5's files and vice versa (due to UID and GID). Expecially not with > open_basedir in place anyway.
Well, no, I would not normally want it to work this way, but in this particular circumstance, like I stated (and left above) I personally have a production website on site4 and a development website for site4 on site5. Normally I would not want this to take place, but because it's my sites, I would like to have it operate as stated, primarily because I would like the security SafeMode is supposed to provide in place in the event some hacker broke into the site and tried executing a rogue PHP script. Does that make sense? What about my other question: > Another issue: > > I have a website (site4) that I am trying to get SafeMode to work with. > When I have SafeMode enabled, either with or without SafeModeGID, it cannot > use the PHP functions: > > imagecreatefromjpeg, imagecreatefrompng, imagecreatefromgif > > I include the site's absolute path in the SafeMode include directory, > c and it has zero effect. > > How do I do this in BX? The files created by these image creation routines are owned by apache in group site4. Can apache not produce images in a 755 permissioned directory it owns? Is there a SafeMode restriction in place (when it is enabled) that doesn't allow apache to create files in directories it owns? I tried SafeModGID on and off, and putting the following directory paths in both the SafeMode include and SafeMode exec spots: /home/.sites/70/site4 /home/.sites/70/site4/ /home/.sites/70/site4/web /home/.sites/70/site4/web/ Nothing worked. We know site4 owns all of those. I even changed the ownership of the /home/.sites/70/site4/web/images directory to apache:site4 and changed permissions on that one directory to 777. No joy. Signed, Confused _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
