> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Darrell D. Mobley > Sent: Thursday, December 31, 2009 7:42 PM > To: 'BlueOnyx General Mailing List' > Subject: [BlueOnyx:03210] Re: php error > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] > > On Behalf Of Darrell D. Mobley > > Sent: Saturday, December 19, 2009 4:48 PM > > To: 'BlueOnyx General Mailing List' > > Subject: [BlueOnyx:03141] Re: php error > > > > > -----Original Message----- > > > From: [email protected] [mailto:blueonyx- > [email protected]] > > > On Behalf Of Michael Stauber > > > Sent: Saturday, December 19, 2009 3:04 PM > > > To: BlueOnyx General Mailing List > > > Subject: [BlueOnyx:03139] Re: php error > > > > > > Or would you want that the PHP script of customer A can access the PHP > > > scripts of customer B? You see where this leads to. > > > > > > You cannot have safe mode on and then expect it to behave in such an > > > unsecure fashion. When safe mode is on, site4's PHP scripts cannot > > > access site5's files and vice versa (due to UID and GID). Expecially > not > > > > with open_basedir in place anyway. > > > > Well, no, I would not normally want it to work this way, but in this > > particular circumstance, like I stated (and left above) I personally > have > > a production website on site4 and a development website for site4 on > site5. > > Normally I would not want this to take place, but because it's my sites, > I > > would like to have it operate as stated, primarily because I would like > > the security SafeMode is supposed to provide in place in the event some > > hacker broke into the site and tried executing a rogue PHP script. Does > > that make sense? > > > > What about my other question: > > > Another issue: > > > > > > I have a website (site4) that I am trying to get SafeMode to work > with. > > > When I have SafeMode enabled, either with or without SafeModeGID, it > > > cannot use the PHP functions: > > > > > > imagecreatefromjpeg, imagecreatefrompng, imagecreatefromgif > > > > > > I include the site's absolute path in the SafeMode include directory, > > > c and it has zero effect. > > > > > > How do I do this in BX? > > > > The files created by these image creation routines are owned by apache > in > > group site4. Can apache not produce images in a 755 permissioned > directory > > it owns? Is there a SafeMode restriction in place (when it is enabled) > > that doesn't allow apache to create files in directories it owns? I > tried > > SafeModGID on and off, and putting the following directory paths in both > > the SafeMode include and SafeMode exec spots: > > > > /home/.sites/70/site4 > > /home/.sites/70/site4/ > > /home/.sites/70/site4/web > > /home/.sites/70/site4/web/ > > > > Nothing worked. > > > > We know site4 owns all of those. I even changed the ownership of the > > /home/.sites/70/site4/web/images directory to apache:site4 and changed > > permissions on that one directory to 777. No joy. > > Bump.
Bump. _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
