But for really large shared hosts, I don't think that is feasible. How are you going set up 100,000 prisons on a server?
> I'm +1 on removing safe mode in PHP 5, and encourage the use of > system-level sandboxes/prisons instead. > > - Stig > > On Sat, 2002-05-11 at 17:39, Ilia A. wrote: > > In the process of writing an installer in PHP for one of my projects I've come > > in contact with a number of servers running PHP with safe_mode enabled. > > > > As you can probably imagine the installer at first broke completely because of > > safe_mode restrictions. Despite the restriction I was able to write php code > > that was able to bypass safe_mode restriction in every single case, which > > should tell you just how "safe" that option is. > > > > There are numerous ways to bypass it, rely on file system utils if they are in > > the path, make the script copy itself and then write stuff as webserver, > > install a small script into cgi-bin directory that will do the same thing > > etc... > > The number of ways to bypass this feature are too numerous to list here. > > > > I should also point out that safe_mode implementation has numerous bugs in > > every PHP version including the very latest CVS. > > > > It is my belief that safe_mode gives people who use false sense of security by > > "supposedly" securing their webserver from their own users, which is > > pointless since a "dedicated user" can cause plenty of damage by using > > while(1) include $PHP_SELF; etc... > > In addition safe_mode makes the developer life extremely difficult since it > > blocks the most common operations that ARE ALLOWED by the webserver's file > > permissions, why does PHP take on the role that is not done in any other > > programming language? > > It is nearly impossible to write a PHP file system code that would work with > > safe_mode it is much easier to just release C/Perl/Python etc.. code that > > will do the very same thing and run via a command line or the user's cgi-bin > > directory. > > For example, if a user uploads test.php with their FTP and test.php creates a > > file, it will no longer be able to read that file under safe_mode since the > > uid of the script and the file it created differ. > > > > IMHO safe_mode should be removed from the php core, because it lulls web > > server admins into false sense of security thus not taking the time to setup > > proper file system permissions in addition to severely crippling the PHP's > > file system functionality. > > > > If the safe_mode like functionality remains it should simply block all file > > system and shell execution code since with it most of that code becomes > > useless anyway. > > > > Regards, > > > > Ilia > > > > -- > > PHP Development Mailing List <http://www.php.net/> > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
