From: [EMAIL PROTECTED]
Operating system: Linux Red Hat 7.0 / i386
PHP version: 4.0.4pl1
PHP Bug Type: *Configuration Issues
Bug description: using shared PHP libraries in safe_mode
When I set
include_path = ".:/usr/share/php"
to access shared libraries and
safe_mode = On
is set, users cannot use files in /usr/share/php, just because there're userid check
in main/fopen_wrappers.c. It means in safe mode you can include files with the same
owner userid only, as the controlling file (eg. which contains that include or
require).
My opinion: checks, mandatory blockings and security enhancements should be
distinguished via a new entry in php.ini.
Excerpt of my previous mail:
Check/block summary
env.var block:
- AUTHORIZATION (only in apache SAPI)
function block:
- dl
- set_time_limit
function restrictions:
- safe_mode_allowed_env_vars
- safe_mode_protected_env_vars
privileges
- sanity checks
mkdir, rmdir, rename, unlink, copy, chkgrp, chown, chmod, touch,
symlink, link, mkfifo, pg_loimport, filepro, filepro_rowcount,
filepro_retrieve, dbase_open, dbase_create, dbmopen
- special access permissions block
chmod
- userid checks
fopen
Conclusion
Some things are must-have in safe_mode, but I would put an own flag for each type
(well, the privilege sanity checks don't do any bad, so this type doesn't need another
flag).
--
Edit Bug report at: http://bugs.php.net/?id=8963&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
