I don't like safe mode and I don't use it on any of my systems and manage to
convince most of my customers not to use it either. However, I happen to
write distributable software written in PHP and have on more than 1 occasion
come across systems with safe_mode enabled. While writing the code to bypass
safe_mode limitations I found that there are many problems with safe_mode.
The biggest problem that I see is that this option provides illusionary
security thus lulling ISPs into thinking they've secured their PHP while in
reality they have not. And what happens when someone does use safe_mode
vulnerabilities to do something bad on the server? Well they'll immediately
scream bloody murder and blame PHP, because well "I did enable safe_mode",
where is my safety?
If PHP didn't have such an option people would need to spend time to actually
set up proper security and would have a more secure environment. Time should
not be an issue when setting up security, if it is then don't bother with it
at all.

You'd be surprised at how many people want safe_mode gone.

Ilia

On May 13, 2002 04:30 am, Kheos ML wrote:
> This is the stupidest thing I've read since the beginning of this "thread".
> If you don't use safe_mode, good for you. Many people rely on safe_mode and
> I, just as many other ISP and webhosts, would not be using PHP if it had no
> safe_mode support.
> It takes too much time setting up some sort of prison when you host
> thousands of websites and, safe_mode works fine for many of us. Why would
> you take out a feature that people need, just because a minority think that
> it should be removed?
>
> > On Sun, 2002-05-12 at 23:37, Rasmus Lerdorf wrote:
> > > But for really large shared hosts, I don't think that is feasible.  How
> > > are you going set up 100,000 prisons on a server?
> > >
> > > > I'm +1 on removing safe mode in PHP 5, and encourage the use of
> > > > system-level sandboxes/prisons instead.
> > > >
> > > >  - Stig
> > > >
> > > > On Sat, 2002-05-11 at 17:39, Ilia A. wrote:
> > > > > > In the process of writing an installer in PHP for one of my
> > > > > > projects I've come in contact with a number of servers running
> > > > > > PHP with safe_mode enabled.
> > > > > > As you can probably imagine the installer at first broke
> > > > > > completely because of safe_mode restrictions. Despite the
> > > > > > restriction I was able to write php code that was able to bypass
> > > > > > safe_mode restriction in every single case, which should tell you
> > > > > > just how "safe" that option is.
> > > > > >
> > > > > > There are numerous ways to bypass it, rely on file system utils
> > > > > > if they are in the path, make the script copy itself and then
> > > > > > write stuff as webserver, install a small script into cgi-bin
> > > > > > directory that will do the same thing etc...
> > > > > > The number of ways to bypass this feature are too numerous to
> > > > > > list here.
> > > > > > I should also point out that safe_mode implementation has
> > > > > > numerous bugs in every PHP version including the very latest CVS.
> > > > > >
> > > > > > It is my belief that safe_mode gives people who use false sense
> > > > > > of security by "supposedly" securing their webserver from their
> > > > > > own users, which is pointless since a "dedicated user" can cause
> > > > > > plenty of damage by using while(1) include $PHP_SELF; etc...
> > > > > > In addition safe_mode makes the developer life extremely
> > > > > > difficult since it blocks the most common operations that ARE
> > > > > > ALLOWED by the webserver's file permissions, why does PHP take on
> > > > > > the role that is not done in any other programming language?
> > > > > > It is nearly impossible to write a PHP file system code that
> > > > > > would work with safe_mode it is much easier to just release
> > > > > > C/Perl/Python etc.. code that will do the very same thing and run
> > > > > > via a command line or the user's cgi-bin directory.
> > > > > > For example, if a user uploads test.php with their FTP and
> > > > > > test.php creates a file, it will no longer be able to read that
> > > > > > file under safe_mode since the uid of the script and the file it
> > > > > > created differ.
> > > > > >
> > > > > > IMHO safe_mode should be removed from the php core, because it
> > > > > > lulls web server admins into false sense of security thus not
> > > > > > taking the time to setup proper file system permissions in
> > > > > > addition to severely crippling the PHP's file system
> > > > > > functionality.
> > > > > >
> > > > > > If the safe_mode like functionality remains it should simply
> > > > > > block all file system and shell execution code since with it most
> > > > > > of that code becomes useless anyway.
> > > > >
> > > > > Regards,
> > > > >
> > > > > Ilia
> > > > >
> > > > > --
> > > > > PHP Development Mailing List <http://www.php.net/>
> > > > > To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
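
The uid mismatch described in the quoted message (test.php uploaded over FTP, then unable to read a file it created), as an added PHP example that is not part of the original thread or of PHP's source. It models the owner comparison rather than enabling safe_mode; the function names and the constructed FTP uid are assumptions.

```php
<?php
// Added illustration (not PHP source): a model of the owner comparison that
// safe_mode applied before file access. Function names are hypothetical.

/** True when the target file's owner matches the script owner's uid. */
function owner_check_passes(int $scriptOwnerUid, string $path): bool
{
    clearstatcache(true, $path);
    $fileOwner = fileowner($path);          // uid recorded for the file
    return $fileOwner !== false && $fileOwner === $scriptOwnerUid;
}

/** Create a file the way test.php would, then run the check against it. */
function simulate_upload_then_create(int $scriptOwnerUid): array
{
    // The new file is owned by the uid of the running process, not by
    // whoever owns the script that asked for it.
    $path = tempnam(sys_get_temp_dir(), 'sm_');
    file_put_contents($path, "written by the script\n");
    $result = [
        'file_owner'   => fileowner($path),
        'script_owner' => $scriptOwnerUid,
        'allowed'      => owner_check_passes($scriptOwnerUid, $path),
    ];
    unlink($path);
    return $result;
}

// Case 1: script owner equals the process uid (CLI or per-user execution).
$processUid = function_exists('posix_geteuid') ? posix_geteuid() : getmyuid();
// Case 2: constructed uid standing in for an FTP account that differs from
// the web server account, as on a shared host running PHP in the server.
$ftpUid = $processUid + 1000;

$cases = [
    'script owner == process uid' => $processUid,
    'script owner == FTP user'    => $ftpUid,
];
foreach ($cases as $label => $uid) {
    $r = simulate_upload_then_create($uid);
    printf("%-28s file_owner=%d script_owner=%d => %s\n", $label,
        $r['file_owner'], $r['script_owner'], $r['allowed'] ? 'allowed' : 'denied');
}
```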
