> Really, what is that line? sleep(10000000);
If you insist on being creative you can use file locking or sockets to get the process in to un-interuptible sleep. > I would take a bet that it probably has > nothing to do with safe mode, and would work regardless of it being in > the language.. I am not saying this particular problem is due to safe_mode, which only "theoreticaly" prevents people from viewing/modifying files they do not own. I say theoretically because in reality a bugs in safe_mode can be used to bypass this limitation or simply write code in another programming language to do it. However, "safe mode" implies safety, which in reality it DOES NOT offer, of course if the defenition of the word "safe" has changed, please let me know. > I will also take a bet that there is another security > measure in php that can be used against it. > Don't bet on it, you'll loose. > > > The argument you make to remove safe mode because it is not perfect is > > > unfounded. By the same argument you could say we shouldn't use locks on > > > our doors, because hey "they can be picked". > > > > Safe mode is not only imperfect it does not even work properly. In the > > last day and a half I've showed 5 bugs that allow it be bypassed, simply > > take a look at the latest safe_mode bugs. > > Five, I only saw one. Regardless they can and should be fixed. Check again: Bug report #17168-69 Bug report #17155-57 > > > Some of those were fixed other were not as > > yet. To continue with your lock analogy, you do not protect your house > > with a broken lock, because beyond cosmetic value it does absolutely > > nothing. > > If the lock is broken, you fix it, you don't get rid of the lock > altogether If you've fixed the same lock a dosen times and it still breaks it is probably smarter to get rid off it and get a new one. Ilia -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
