Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?
As I read it in CVS, chroot() will work even in safe-mode. Isn't this a bad idea(tm), or am I wrong? If users can chroot in safe-mode, Apache won't serve any more pages after all children have been chrooted to an empty dir? uhm, where have you read that? [ curious ] I just reasoned what could happen. if you chroot a child, I couldn't see a reason why it'd get respawned (since it doesn't die), but it will become a useless child, I guessed. nope, cause it will run as apache user, and you have to be root to chroot(). I believe there are webservers which are run as root, or not? If that is the case, chroot should be disabled in safe-mode IMHO, or better, disabled in webserver envirment. Currently the docs say that it is not *wise* to use it in webserver-env, not that is impossible. That's why I questioned safe-mode restrictions here. -- teodor Jeroen -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?
On Mon, 20 Aug 2001, Jeroen van Wolffelaar wrote: As I read it in CVS, chroot() will work even in safe-mode. Isn't this a bad idea(tm), or am I wrong? If users can chroot in safe-mode, Apache won't serve any more pages after all children have been chrooted to an empty dir? uhm, where have you read that? [ curious ] I just reasoned what could happen. if you chroot a child, I couldn't see a reason why it'd get respawned (since it doesn't die), but it will become a useless child, I guessed. It will be useless indeed, as the filesystem root of it has been changed then. nope, cause it will run as apache user, and you have to be root to chroot(). I believe there are webservers which are run as root, or not? If that is the case, chroot should be disabled in safe-mode IMHO, or better, disabled in webserver envirment. If your sysadm runs a webserver as root, you should fire him IMO. Currently the docs say that it is not *wise* to use it in webserver-env, not that is impossible. That's why I questioned safe-mode restrictions here. yeah, right... I think it should only work in plain CGI mode, with no CGI things in it (force-cgi-redirect) or other stuff. It simply has no use in this cases... Derick -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?
IMHO There is no reason to use chroot in safe_mode, and it should be disabled. As far as webservers running as root, potentially any webserver could, though you are probably right that some do by default. Think of the potential hazard of a multi-threaded webserver This is another dangerous system call for the web environment, and really should be disabled if SAPI!=cgi -Jason - Original Message - From: Jeroen van Wolffelaar [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: PHP Developers Mailing List [EMAIL PROTECTED] Sent: Monday, August 20, 2001 2:01 PM Subject: Re: [PHP-DEV] chroot(): _not_ safe-mode restricted? As I read it in CVS, chroot() will work even in safe-mode. Isn't this a bad idea(tm), or am I wrong? If users can chroot in safe-mode, Apache won't serve any more pages after all children have been chrooted to an empty dir? uhm, where have you read that? [ curious ] I just reasoned what could happen. if you chroot a child, I couldn't see a reason why it'd get respawned (since it doesn't die), but it will become a useless child, I guessed. nope, cause it will run as apache user, and you have to be root to chroot(). I believe there are webservers which are run as root, or not? If that is the case, chroot should be disabled in safe-mode IMHO, or better, disabled in webserver envirment. Currently the docs say that it is not *wise* to use it in webserver-env, not that is impossible. That's why I questioned safe-mode restrictions here. -- teodor Jeroen -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?
On Mon, 20 Aug 2001 [EMAIL PROTECTED] wrote: Hi jeroen! On Mon, 20 Aug 2001, [EMAIL PROTECTED] wrote: As I read it in CVS, chroot() will work even in safe-mode. Isn't this a bad idea(tm), or am I wrong? If users can chroot in safe-mode, Apache won't serve any more pages after all children have been chrooted to an empty dir? uhm, where have you read that? [ curious ] nope, cause it will run as apache user, and you have to be root to chroot(). Indeed, chroot() doesn't make sense at all if it's used in a webserver module. It's onyl useful when PHP runs as commandline tool, as root. That's why I added the function. Derick -- teodor -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]