ID: 31618 Comment by: yanstiac at yahoo dot com Reported By: kpederson at mail dot ewu dot edu Status: Assigned Bug Type: Feature/Change Request Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 Assigned To: tony2001 New Comment:
Just need to read a bit =) Nstiac http://www.php.net/manual/en/features.safe-mode.php#ini.sect.safe-mode Previous Comments: ------------------------------------------------------------------------ [2006-06-19 20:02:59] yanstiac at yahoo dot com Guys... that is what open_basedir is actually for. Cheers, Nstiac ------------------------------------------------------------------------ [2006-05-29 06:45:23] parktrip at gmail dot com Could someone tell me what will happened to this report ? is this supposed to be solved in a future version of PHP ? I have the same problem with smarty in a commercial application. Is there another way to make it work with safe_mode on ? Thanks a lot. ------------------------------------------------------------------------ [2005-08-12 22:15:09] kpederson at mail dot ewu dot edu Hmm... wouldn't something like safe_mode_read_dir make it possible to have shared libraries while using safe mode, assuming it allowed fopen(), include/require access? I don't see how else it's possible to make common modules, like the pear library, available globally, unless they never need to do more than include other files in their own hierarchy, while using safe mode. To turn off safe mode, would be a huge security risk unless I were running it using suExec and CGI or something. I'm going to ask on #PHP for other thoughts as there has to be a way to get the best of both worlds (common accessible libraries vs. security). Thanks for the help. ------------------------------------------------------------------------ [2005-08-12 20:29:55] [EMAIL PROTECTED] This is the reason why safe_mode should have been nuked long time ago. ------------------------------------------------------------------------ [2005-08-12 20:04:46] kpederson at mail dot ewu dot edu Hmm... I can understand that logic. The docs say: "UID/GID checks are bypassed when including files from this directory and its subdirectories" which also seems to fit. It's going to make it really hard for me (and I would guess many others) as a developer to support a given use case. The use case that doesn't seem to be satisfied by this is when the files in the safe_mode_include_dir (smarty for example) needs to fopen() other files in that directory. Smarty tries is_readable, which now succeeds, but there is no way for smarty, when running under safe mode, to actually read common templates... <sigh>. I don't know if this use case can be satisfied without that functionality.... I have hundreds of users, but no apparent way, (other than includes which now work) to do any type of complex templating. In most commercial environments, this wouldn't seem like a problem, but in the university setting, they all need access to a common template. Ok. I'm ranting and a bit frustrated -- although I do admit that you're right per all the docs. Feel free to delete this message and close the bug report. I appreciate you leaving it open a bit longer. If you're open for any discussion, you can e-mail me. Thanks. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618&edit=1
