goba Sun Jul 22 13:19:58 2001 EDT
Added files:
/phpdoc/hu/features safe-mode.xml
Modified files:
/phpdoc/hu Translators language-snippets.ent
Log:
Translating safe-mode.xml, and
corresponding entities in languages-snippets.ent.
Index: phpdoc/hu/Translators
diff -u phpdoc/hu/Translators:1.36 phpdoc/hu/Translators:1.37
--- phpdoc/hu/Translators:1.36 Sun Jul 22 12:52:56 2001
+++ phpdoc/hu/Translators Sun Jul 22 13:19:58 2001
@@ -82,7 +82,7 @@
images.xml Hojtsy G�bor 1.8
persistent-connections.xml Hojtsy G�bor 1.7
remote-files.xml Hojtsy G�bor 1.6
-safe-mode.xml
+safe-mode.xml Hojtsy G�bor 1.6
------- functions -----------------------------------------------------------
apache.xml Varanka Zolt�n 1.8
array.xml Varanka Zolt�n [offline]
Index: phpdoc/hu/language-snippets.ent
diff -u phpdoc/hu/language-snippets.ent:1.9 phpdoc/hu/language-snippets.ent:1.10
--- phpdoc/hu/language-snippets.ent:1.9 Sun Jul 22 12:41:11 2001
+++ phpdoc/hu/language-snippets.ent Sun Jul 22 13:19:58 2001
@@ -1,4 +1,4 @@
-<!-- PHPDoc snippets $Id: language-snippets.ent,v 1.9 2001/07/22 16:41:11 goba Exp $
-->
+<!-- PHPDoc snippets $Id: language-snippets.ent,v 1.10 2001/07/22 17:19:58 goba Exp $
+-->
<!ENTITY warn.experimental '<warning><simpara>Ez a modul <emphasis>K�S�RLETI
JELLEGGEL M�K�DIK</emphasis>. Ez azt jelenti, hogy az itt le�rt f�ggv�nyek m�k�d�se,
maguk a f�ggv�nynevek, azaz B�RMI, ami itt le van �rva, megv�ltozhat egy k�s�bbi PHP
kiad�sban MINDEN FIGYELMEZTET�S N�LK�L. Ezt a modult csak a saj�t felel�ss�gedre
haszn�ld!</simpara></warning>'>
@@ -14,25 +14,23 @@
<!ENTITY note.no-windows '<note><simpara>Ez a f�ggv�ny nem m�k�dik Windows oper�ci�s
rendszereken!</simpara></note>'>
-<!-- Notes for safe-mode limited functions: -->
<!ENTITY note.sm.disabled '<note><simpara>&sm.disabled;</simpara></note>'>
-<!ENTITY note.sm.uidcheck '<note><simpara>When <link
-linkend="features.safe-mode">safe-mode</link> is enabled, PHP checks whether
-the file(s)/directories you are about to operate on, have the same UID as the
-script that is being executed.</simpara></note>'>
-<!ENTITY note.sm.uidcheck.dir '<note><simpara>When <link
-linkend="features.safe-mode">safe-mode</link> is enabled, PHP checks whether
-the directory in which you are about to operate, have the same UID as the
-script that is being executed.</simpara></note>'>
-
-<!-- Common pieces in features/safe-mode.xml
- Jade doesn't allow in-line entities, so I put them here... Though they
- should have been inline in safe-mode.xml -->
-<!ENTITY sm.uidcheck 'Checks whether the file(s)/directories you are
-about to operate on, have the same UID as the script that is being
-executed.'>
-<!ENTITY sm.uidcheck.dir 'Checks whether the directory in which
-you are about to operate, has the same UID as the script that is being
-executed.'>
-<!ENTITY sm.disabled 'This functions is disabled in <link
-linkend="features.safe-mode">safe-mode</link>'>
+<!ENTITY note.sm.uidcheck '<note><simpara>Ha a <link
+linkend="features.safe-mode">Safe Mode</link> be van kapcsolva, a PHP
+ellen�rzi, hogy a fileok/k�nyvt�rak, amikkel dolgozni szeretn�l,
+ugyanazzal a felhaszn�l�i azonos�t�val (UID) rendelkeznek-e, mint
+az �ppen fut� program.</simpara></note>'>
+<!ENTITY note.sm.uidcheck.dir '<note><simpara>Ha a <link
+linkend="features.safe-mode">Safe Mode</link> be van kapcsolva, a PHP
+ellen�rzi, hogy a k�nyvt�r, amiben dolgozni szeretn�l,
+ugyanazzal a felhaszn�l�i azonos�t�val (UID) rendelkezik-e, mint
+az �ppen fut� program.</simpara></note>'>
+
+<!ENTITY sm.uidcheck 'Ellen�rzi, hogy a fileok/k�nyvt�rak, amikkel
+dolgozni szeretn�l, ugyanazzal a felhaszn�l�i azonos�t�val
+(UID) rendelkeznek-e, mint az �ppen fut� program.'>
+<!ENTITY sm.uidcheck.dir 'Ellen�rzi, hogy a k�nyvt�r, amiben
+dolgozni szeretn�l, ugyanazzal a felhaszn�l�i azonos�t�val (UID)
+rendelkezik-e, mint az �ppen fut� program.'>
+<!ENTITY sm.disabled 'Ez a f�ggv�ny nem haszn�lhat�, ha a <link
+linkend="features.safe-mode">Safe Mode</link> be van kapcsolva.'>
Index: phpdoc/hu/features/safe-mode.xml
+++ phpdoc/hu/features/safe-mode.xml
<!-- $Revision: 1.1 $ -->
<chapter id="features.safe-mode">
<title>Safe mode</title>
<para>
A Safe Mode egy pr�b�lkoz�s a megosztott szerverek biztons�gi
probl�m�inak megold�s�ra. Architekt�r�lisan nem korrekt, hogy
ezt a probl�m�t a PHP szintj�n pr�b�ljuk megoldani, de mivel
a t�bbi alternat�va a webszerver �s oper�ci�s rendszer szinteken
nem igaz�n haszn�lhat�, sokan - k�l�n�sen az internetszolg�ltat�k -
a Safe Mode-ot haszn�lj�k egyel�re.
</para>
<para>
A Safe Mode m�k�d�s�t befoj�sol� be�ll�t�sok:
<programlisting role="ini">
safe_mode = Off
open_basedir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =
</programlisting>
</para>
<para>
Ha a Safe Mode be van kapcsolva, a PHP ellen�rzi, hogy az aktu�lisan
fut� szkript tulajdonosa megegyezik-e a kezel�sre megnyitand�
file tulajdonos�val. P�ld�ul:
<programlisting role="ls">
-rw-rw-r-- 1 rasmus rasmus 33 Jul 1 19:20 script.php
-rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd
</programlisting>
Futtatva ezt a script.php programot:
<programlisting role="php">
<![CDATA[
<?php
readfile('/etc/passwd');
?>
]]>
</programlisting>
a k�vetkez� hib�t kapod, ha a Safe Mode be van kapcsolva:
<programlisting role="php">
Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not
allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
</programlisting>
</para>
<para>
Ha a safe_mode helyett egy open_basedir k�nyvt�rat �ll�tasz be, akkor
minden enged�lyezett file m�velet erre a k�nyvt�rra korl�toz�dik.
P�ld�ul (Apache httpd.conf p�lda):
<programlisting role="ini">
<![CDATA[
<Directory /docroot>
php_admin_value open_basedir /docroot
</Directory>
]]>
</programlisting>
Ha a fenti script.php programot futtatod, ezzel az open_basedir
be�ll�t�ssal, akkor a k�vetkez� eredm�nyt kapod:
<programlisting role="php">
Warning: open_basedir restriction in effect. File is in wrong directory in
/docroot/script.php on line 2
</programlisting>
</para>
<para>
Le tudsz tiltani k�l�nb�z� f�ggv�nyeket ak�r egyenk�nt is.
Ha hozz�adod ezt a php.ini �llom�nyodhoz:
<programlisting role="ini">
disable_functions readfile,system
</programlisting>
A k�vetkez� hib�t kapod:
<programlisting role="php">
Warning: readfile() has been disabled for security reasons in
/docroot/script.php on line 2
</programlisting>
</para>
<sect1 id="features.safe-mode.functions">
<title>A Safe Mode haszn�latakor tiltott/korl�tozott f�ggv�nyek</title>
<para>
Ez m�g val�sz�n�leg nem teljes, �s nem korrekt list�ja a
f�ggv�nyeknek, amiket a
<link linkend="features.safe-mode">Safe Mode</link> korl�toz.
<table>
<title>Safe Mode-ban korl�tozott f�ggv�nyek</title>
<tgroup cols="2">
<thead>
<row>
<entry>F�ggv�ny</entry>
<entry>Korl�toz�s</entry>
</row>
</thead>
<tbody>
<row>
<entry><function>dbmopen</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>dbase_open</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>filepro</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>filepro_rowcount</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>filepro_retrieve</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>imap_thread</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>ifxus_tell_slob</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>muscat_close</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>pg_loimport</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>posix_mkfifo</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>putenv</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>move_uploaded_file</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>chdir</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>dl</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>shell_exec</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>popen</function></entry>
<entry>&sm.uidcheck.dir; <!-- not sure!! --></entry>
</row>
<row>
<entry><function>mkdir</function></entry>
<entry>&sm.uidcheck.dir;</entry>
</row>
<row>
<entry><function>rmdir</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>rename</function></entry>
<entry>&sm.uidcheck; <!-- on the old name only, it seems --></entry>
</row>
<row>
<entry><function>unlink</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>copy</function></entry>
<entry>&sm.uidcheck; <!-- source AND target,should be noted --></entry>
</row>
<row>
<entry><function>chgrp</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>chown</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>chmod</function></entry>
<entry>&sm.uidcheck; <!-- there is more than this,
i believe you can't set the SUID/SGID/sticky bits? --></entry>
</row>
<row>
<entry><function>touch</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>symlink</function></entry>
<entry>&sm.uidcheck; <!-- only link-target, it seems? --></entry>
</row>
<row>
<entry><function>link</function></entry>
<entry>&sm.uidcheck; <!-- only link-target, it seems? --></entry>
</row>
<row>
<entry><function>ob_gzhandler</function></entry>
<entry>&sm.uidcheck;</entry>
</row>
<row>
<entry><function>getallheaders</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>exec</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>system</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>passthru</function></entry>
<entry>??</entry>
</row>
<row>
<entry><function>mail</function></entry>
<entry>??</entry>
</row>
<row>
<entry><link linkend="language.operators.execution">backtick
oper�tor</link></entry>
<entry>??</entry>
</row>
<row>
<entry>Minden f�ggv�ny, ami a
<filename>php4/main/fopen_wrappers.c</filename>
funkci�kat haszn�lja.
</entry>
<entry>??</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim: ts=1 sw=1 et syntax=sgml
-->
