> There are numerous ways to bypass it, rely on file system utils if they are in
> the path,

Won't work.

> make the script copy itself and then write stuff as webserver,

You always write stuff as web server.

> install a small script into cgi-bin directory that will do the same thing

That's not really a PHP issue. Many ISPs turn off cgi-bin access so in those
cases that won't work.

> The number of ways to bypass this feature are too numerous to list here.

Let's have some real specifics please.

> I should also point out that safe_mode implementation has numerous bugs in
> every PHP version including the very latest CVS.

Again, specifics please.

> It is my belief that safe_mode gives people who use false sense of security by
> "supposedly" securing their webserver from their own users, which is
> pointless since a "dedicated user" can cause plenty of damage by using
> while(1) include $PHP_SELF; etc...

The process limits should take care of that.

> In addition safe_mode makes the developer life extremely difficult since it
> blocks the most common operations that ARE ALLOWED by the webserver's file
> permissions, why does PHP take on the role that is not done in any other
> programming language?

Because PHP is in many cases the only scripting language an ISP is willing to
give people access to on a shared server.

> It is nearly impossible to write a PHP file system code that would work with
> safe_mode it is much easier to just release C/Perl/Python etc.. code that
> will do the very same thing and run via a command line or the user's cgi-bin
> directory.

Sure, so do that. PHP is a web scripting language.

> For example, if a user uploads test.php with their FTP and test.php creates a
> file, it will no longer be able to read that file under safe_mode since the
> uid of the script and the file it created differ.

Correct. That's why we have open_basedir.

Safe-mode is a crappy feature that shouldn't need to be in PHP. This is
something that should be done at the web server level as with the perchild mpm
in Apache 2.0.
Unfortunately Apache 2.0, and especially the perchild mpm is nowhere near
robust enough to run a large shared hosting environment at this point. So until
a better solution comes along, we are stuck with safe-mode or open_basedir.
Personally I think more ISPs should be using open_basedir restrictions instead
of safe-mode, but we give them the choice.

-Rasmus

--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
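
The uid mismatch and the open_basedir alternative discussed in the message above, as an added example that is not part of the original post. The safe_mode check is a hand-written model (an assumption, since safe_mode was removed in PHP 5.4), and the `customer_*` directory is a constructed sandbox.

```php
<?php
// Added example, not code from the thread. The safe_mode owner comparison is
// modelled by hand (safe_mode was removed in PHP 5.4); open_basedir is real.

// Model of the safe_mode rule: the owner of the running script must also
// own the file it touches. getmyuid() is the script owner, not the process.
function safe_mode_model_allows(string $path): bool
{
    return getmyuid() === fileowner($path);
}

// Constructed sandbox standing in for one customer's directory.
$base = sys_get_temp_dir() . '/customer_' . getmypid();
mkdir($base, 0700);
$base = realpath($base);                 // open_basedir compares resolved paths
$inside = $base . '/created.txt';
file_put_contents($inside, "hello\n");   // owned by the process uid

printf("script owner uid : %d\n", getmyuid());
printf("new file owner   : %d\n", fileowner($inside));
printf("safe_mode model  : %s\n",
    safe_mode_model_allows($inside) ? 'allow' : 'deny (uid mismatch)');

// open_basedir ignores ownership and confines file access by path instead.
// At runtime it can only be tightened, never loosened.
ini_set('open_basedir', $base);

$ok      = @file_get_contents($inside);
$outside = @file_get_contents(__FILE__); // this script lives outside $base
printf("read inside base : %s\n", $ok !== false ? 'allow' : 'deny');
printf("read outside base: %s\n", $outside !== false ? 'allow' : 'deny');

// Clean up the constructed sandbox (still inside the allowed directory).
unlink($inside);
rmdir($base);
```

Run from the command line as the script's owner, both uids match; under a web server running as a different user, the model reports the mismatch described in the thread, while the open_basedir result is the same in both cases.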