In the process of writing an installer in PHP for one of my projects I've come 
in contact with a number of servers running PHP with safe_mode enabled.

As you can probably imagine, the installer at first broke completely because 
of safe_mode restrictions. Despite the restrictions I was able to write PHP 
code that was able to bypass the safe_mode restrictions in every single case, 
which should tell you just how "safe" that option is.

There are numerous ways to bypass it: rely on file system utils if they are in 
the path, make the script copy itself and then write stuff as webserver, 
install a small script into the cgi-bin directory that will do the same thing, 
etc.
The ways to bypass this feature are too numerous to list here.

I should also point out that the safe_mode implementation has numerous bugs in 
every PHP version, including the very latest CVS.

It is my belief that safe_mode gives people who use it a false sense of 
security by "supposedly" securing their webserver from their own users, which 
is pointless since a "dedicated user" can cause plenty of damage by using 
while(1) include $PHP_SELF; etc.
In addition, safe_mode makes the developer's life extremely difficult since it 
blocks the most common operations that ARE ALLOWED by the webserver's file 
permissions. Why does PHP take on a role that is not done in any other 
programming language?
It is nearly impossible to write PHP file system code that would work with 
safe_mode; it is much easier to just release C/Perl/Python etc. code that 
will do the very same thing and run via a command line or the user's cgi-bin 
directory.
For example, if a user uploads test.php with their FTP and test.php creates a 
file, it will no longer be able to read that file under safe_mode since the 
uid of the script and the file it created differ.

IMHO safe_mode should be removed from the PHP core, because it lulls web 
server admins into a false sense of security, so they do not take the time to 
set up proper file system permissions, in addition to severely crippling PHP's 
file system functionality.

If safe_mode-like functionality remains, it should simply block all file 
system and shell execution code, since with it most of that code becomes 
useless anyway.

Regards,

Ilia 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php