Hi!

I'm administrating a server with many virtual hosts. To get rid of some
security holes I enabled safe_mode. But after that PHP scripts weren't
able to handle (read, move, copy, delete...) uploaded files and files
which have been created by the script itself.

My first idea was to add the /tmp-Directory and the user's
document_root-Directory to safe_mode_include_dir. But this directive
couldn't handle more than one directory.

Well, I do not have enough skill for patching it to accept more
directories like include_path but I was able to add a new
php.ini-Directive called safe_mode_pid. If 'safe_mode_pid = on' (default:
off), PHP compares the uid of a file not only with the uid (and gid) of
the script but also with the uid of the process.

This removes the paradoxical situation that a script can create (or upload)
files but can't remove or read them. It is at least a nice work-around until
safe_mode_include_dir can handle more than one dir.

It would be nice if somebody gives me some comments on my patches or even
applies them to the CVS tree :-).

I uploaded the diffs on http://www.engter.de/safe_mode_pid.diff. 

cu, Roland Tapken
-- 
<========{ [EMAIL PROTECTED] }========>
    /"\                          
    \ /  ASCII ribbon campaign
     X   against HTML mail
    / \  and postings  
<========={ ICQ#: 18715473 }=========>

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
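
The ownership check described in the message above, modelled as an added C example (it is not the posted patch and not PHP's source; `owner_check`, `demo` and the vhost uids are hypothetical names and constructed values, and the gid comparison is left out). It shows the file-created-by-the-process case being denied with the switch off and allowed with it on, and that with one shared server uid the relaxed check passes for every script owner:

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical model of the check described in the message; not PHP source.
 * script_uid : owner of the running script (what safe_mode compares today)
 * check_pid  : models the proposed 'safe_mode_pid = on' switch */
static int owner_check(const char *path, uid_t script_uid, int check_pid)
{
    struct stat sb;

    if (stat(path, &sb) != 0)
        return 0;                          /* cannot stat: fail closed */
    if (sb.st_uid == script_uid)
        return 1;                          /* classic script-owner match */
    if (check_pid && sb.st_uid == geteuid())
        return 1;                          /* file belongs to the server process */
    return 0;
}

/* Create a file as an upload or fopen() from a script would (it ends up owned
 * by the process uid), run the check against it, then remove it.
 * Returns 1 = access allowed, 0 = denied, -1 = could not create the file. */
int demo(uid_t script_uid, int check_pid)
{
    char path[] = "/tmp/safe_mode_pid_demo_XXXXXX";
    int fd = mkstemp(path);
    int allowed;

    if (fd < 0)
        return -1;
    close(fd);
    allowed = owner_check(path, script_uid, check_pid);
    unlink(path);
    return allowed;
}

int main(void)
{
    /* Constructed uids: two vhost script owners that differ from the process uid. */
    uid_t vhost_a = geteuid() + 1, vhost_b = geteuid() + 2;

    printf("vhost A, safe_mode_pid off: %d\n", demo(vhost_a, 0));
    printf("vhost A, safe_mode_pid on : %d\n", demo(vhost_a, 1));
    printf("vhost B, safe_mode_pid on : %d\n", demo(vhost_b, 1));
    return 0;
}
```

Where all virtual hosts are served by one process uid, the third result is the case to weigh before enabling such a switch: files created by one vhost's scripts pass the check for another vhost's scripts as well.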
