Hi,

I work for a web hosting / ASP / Linux company, and my latest problem is using a standard library (which can be accessed by any PHP user, like PEAR) while keeping the other directories secret. The solution for the first problem is 'include_path = ".:/path/to/shared/libs"', and for the second one it is 'safe_mode = on'.

Well, it's good enough, but there's a little glitch: file ownership. In safe mode the interpreter refuses to open files whose owner uid is not the same as the running script's. E.g. I have to copy the stdlib (ohh, those wonderful days of MudOS mudlib writing!) for each user of each virtual host.

I think a safe_mode_checkuid flag would solve the problem.

In stock php 4.0.4pl1 safe_mode is checked by

- sapi/apache/php_apache:
    AUTHORIZATION env.var is not serviced
- main/fopen-wrappers:
    fopen wrappers check for same userid
- main/main:
    set_time_limit is blocked
- ext/standard/basic_functions:
    handles safe_mode_(allowed|protected)_env_vars
- ext/standard/dl:
    dl is blocked
- ext/standard/exec:
    exec is restricted to safe_mode_exec_dir and ``s are blocked
- ext/standard/file:
    popen is restricted to safe_mode_exec_dir
    mkdir, rmdir, rename, unlink, copy are privileges-checked
- ext/standard/filestat:
    chkgrp, chown, chmod, touch are privileges-checked
    chmod is limited to 0777 (no special rights)
- ext/standard/link:
    symlink, link are privileges-checked
- ext/posix/posix:
    mkfifo is privileges-checked
- ext/pgsql/pgsql:
    pg_loimport is privileges-checked
- ext/filepro/filepro:
    filepro, filepro_rowcount, filepro_retrieve are privileges-checked
- ext/dbase/dbase:
    dbase_open, dbase_create are privileges-checked
- ext/db/db:
    dbmopen is privileges-checked

Check/block summary

env.var block:
  - AUTHORIZATION (only in apache SAPI)
function block:
  - dl
  - set_time_limit
function restrictions:
  - safe_mode_allowed_env_vars
  - safe_mode_protected_env_vars
privileges
  - sanity checks
      mkdir, rmdir, rename, unlink, copy, chkgrp, chown, chmod, touch,
      symlink, link, mkfifo, pg_loimport, filepro, filepro_rowcount,
      filepro_retrieve, dbase_open, dbase_create, dbmopen
  - special access permissions block
      chmod
  - userid checks
      fopen

Conclusion

Some things are must-have in safe_mode, but I would put a separate flag for each type (well, the privilege sanity checks don't do any harm, so this type doesn't need another flag).

Comments? Implementations?

-- 
Nagy Balazs, LSC
http://www.lsc.hu/
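
Added example, not part of the original message and not PHP's own code: a C model of the per-file owner check described above, with the kind of exemption the post asks for, so that a shared library directory passes while other users' files are still refused. The function names, the uids and the assumption that paths are already canonicalized are illustrative.

```c
/* Added illustration, not PHP source code; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* 1 if `path` is a file below directory `dir`, matched on whole components.
 * Assumes both are absolute and already canonicalized (e.g. via realpath()),
 * so symlinks are resolved before this is called. */
static int path_under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    while (n > 1 && dir[n - 1] == '/')
        n--;                              /* ignore trailing '/' on dir */
    if (dir[0] != '/' || strncmp(path, dir, n) != 0)
        return 0;
    if (strstr(path, "/..") != NULL)      /* refuse components starting ".." */
        return 0;
    /* "/libs" must not match "/libs-evil/x": require a '/' boundary. */
    return path[n] == '/' && path[n + 1] != '\0';
}

/* Safe-mode style owner test with one exempt shared directory. */
static int safe_mode_open_allowed(uid_t script_uid, uid_t file_uid,
                                  const char *path, const char *shared_dir)
{
    if (file_uid == script_uid)
        return 1;                         /* same owner: allowed as before */
    if (shared_dir != NULL && path_under_dir(path, shared_dir))
        return 1;                         /* shared library: uid check skipped */
    return 0;                             /* someone else's file: refused */
}

int main(void)
{
    const char *libs = "/path/to/shared/libs";   /* include_path entry from the post */
    /* Constructed sample: script runs as uid 1001, library owned by root. */
    printf("%d\n", safe_mode_open_allowed(1001, 0, "/path/to/shared/libs/PEAR.php", libs));
    printf("%d\n", safe_mode_open_allowed(1001, 1002, "/home/u2/config.php", libs));
    printf("%d\n", safe_mode_open_allowed(1001, 0, "/path/to/shared/libs-evil/x.php", libs));
    return 0;
}
```

The exemption only relaxes the owner comparison, so the shared directory itself has to be owned by an account the hosted users cannot write as.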