I'm +1 on removing safe mode in PHP 5, and encourage the use of
system-level sandboxes/prisons instead.

 - Stig

On Sat, 2002-05-11 at 17:39, Ilia A. wrote:
> In the process of writing an installer in PHP for one of my projects I've come 
> in contact with a number of servers running PHP with safe_mode enabled.
> 
> As you can probably imagine, the installer at first broke completely because of
> safe_mode restrictions. Despite the restriction, I was able to write PHP code
> that was able to bypass the safe_mode restriction in every single case, which
> should tell you just how "safe" that option is.
> 
> There are numerous ways to bypass it: rely on file system utils if they are in
> the path, make the script copy itself and then write stuff as webserver,
> install a small script into the cgi-bin directory that will do the same thing,
> etc.
> The ways to bypass this feature are too numerous to list here.
> 
> I should also point out that the safe_mode implementation has numerous bugs in
> every PHP version, including the very latest CVS.
> 
> It is my belief that safe_mode gives people who use it a false sense of security by
> "supposedly" securing their webserver from their own users, which is
> pointless since a "dedicated user" can cause plenty of damage by using
> while(1) include $PHP_SELF; etc.
> In addition, safe_mode makes the developer's life extremely difficult since it
> blocks the most common operations that ARE ALLOWED by the webserver's file
> permissions. Why does PHP take on the role that is not done in any other
> programming language?
> It is nearly impossible to write PHP file system code that would work with
> safe_mode; it is much easier to just release C/Perl/Python etc. code that
> will do the very same thing and run via a command line or the user's cgi-bin
> directory.
> For example, if a user uploads test.php with their FTP and test.php creates a 
> file, it will no longer be able to read that file under safe_mode since the 
> uid of the script and the file it created differ.
> 
> IMHO safe_mode should be removed from the PHP core, because it lulls web
> server admins into a false sense of security, thus not taking the time to set up
> proper file system permissions, in addition to severely crippling PHP's
> file system functionality.
>
> If the safe_mode-like functionality remains, it should simply block all file
> system and shell execution code, since with it most of that code becomes
> useless anyway.
> 
> Regards,
> 
> Ilia 
> 
> -- 
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, visit: http://www.php.net/unsub.php

