On Mon, Nov 05, 2007 at 05:28:07PM GMT, Cristian Rodriguez [EMAIL PROTECTED] said the following:
>
> safe_mode does not really resist any analysis, whoever convinced you
> that it is a good thing does not have a clue.
>

I've done the analysis, so you're saying that I don't have a clue. I don't think that's the case, it's more that I have an alternate way of looking at security than you. I feel like I'm up against a religion. A lot of people who counter me probably haven't done any security analysis of safe mode themselves, they are just repeating what they have heard. And they are virulently opposed to what I suggest because they heard the term "safe mode" and it short-circuits their brain.

And regarding the OS thing. What could I really sanely do to prevent this at the OS level? How can I make it so that Apache and its modules are only able to execute a specified set of programs? Chroot is not the answer to this either. Either Apache has to be redesigned or PHP has to be redesigned. Since Apache has a much broader scope than PHP does, I'd say that responsibility falls onto PHP.

I get the feeling that a lot of people who give support for PHP both through mailing lists, books, IRC, etc. have never had to run a shared user server. Every time I have discussions about things like this I encounter people who have crackpot ideas that simply wouldn't work in a shared environment or would be cost prohibitive. These solutions may work fine at home, but not on a server with 100+ unrelated users.

Security solutions should be simple and obvious. Complex ones discourage people from implementing them. Given that most of the web hosting industry just uses cPanel or Plesk installations and doesn't give a thought to the security that they offer for things like PHP, you're counting on those systems to use a setup that is secure. Since those web control panels are written by programmers wanting to automate everything, chances are that not much thought has been given to a secure design of operation. I could be wrong, but that's usually the case.

The PHP team has a responsibility to not just drop safe mode right away without any period of advisement to the community.
There needs to be a transition period in which sane solutions are presented to the community. Right now I don't see any of that going on. PHP is just saying "Hey, we're dropping safe mode, deal with it." That is irresponsible. I'm not saying keep safe mode in PHP, I'm saying have a good plan for everybody and provide them with transition tools (like a setting for preventing execution outside of a set directory) if you are going to remove it.

Mark

--
Mark S. Krenz
IT Director
Suso Technology Services, Inc.
http://suso.org/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php