Florian Weimer <[EMAIL PROTECTED]> wrote: > Multi-user servers where most users have shell access are a non-issue > as far as PHP Safe Mode is concerned. The desire behind Safe Mode is > that your users can upload arbitrary PHP scripts, and still don't get > shell access to the box.
No. PHP Safe Mode is also used to "secure" mod_php, i.e. to prevent users from compromising the account your Apache processes and your users' mod_php scripts run as. In this context it does not matter whether your users have shell access or not. > [...] > I've been told that Safe Mode is indeed very annoying for users, so > it wouldn't be that useful in an ISP environment, even if it were > actually secure. It might be annoying for some users, others prefer the higher speed of mod_php compared to PHP via CGI (using suexec). This also lowers the system load caused by those scripts. Anyway, regardless of whether Debian supports Safe Mode or not, I would very much appreciate a clear, official statement concerning this issue, e.g. by publishing the text Florian suggested in his first mail on this topic somewhere on Debian's website. Paul -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
