Re: [PHP-DEV] Safe Mode Off

"Shashwat Nagpal" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Date:Sat, 21 Dec 2002 14:37:58 +0530 > Subject: [PHP-DEV] Safe Mode Off > > how can i turn safe_mode on or off from within the script... > > > > -- > PHP Development Mailing List

Re: [PHP-DEV] Safe Mode Off

]> To: [EMAIL PROTECTED] Date:Sat, 21 Dec 2002 14:37:58 +0530 Subject: [PHP-DEV] Safe Mode Off how can i turn safe_mode on or off from within the script... -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Dev

[PHP-DEV] Safe Mode Off

how can i turn safe_mode on or off from within the script... -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Safe Mode

On Fri, May 17, 2002 at 03:46:42AM +0300, Zeev Suraski wrote: > In a perfect world, ISPs would have used chroot'd environments always, > running either CGI's We do. On earth. Kristian -- Kristian Köhntopp, NetUSE AG, Dr.-Hell-Straße, D-24107 Kiel Tel: +49 431 386 435 00, Fax: +49 431 386 435

Re: [PHP-DEV] Safe Mode

At 04:38 PM 5/13/2002, Jason T. Greene wrote: > > I do, for two simple reasons: > > - Misperception about what it's supposed to do - it does NOT secure your > > environment, people expect it to. That's a 'marketing' issue, but we > > should realize that these kinds of issues are at least as imp

Re: [PHP-DEV] Safe Mode

On Mon, May 13, 2002 at 08:38:13AM -0500, Jason T. Greene wrote : > I get the feeling that you are mainly arguing the marketing perspective. > > : ) > > > I completely agree that safe mode is badly named. However, I still find > uid checking, and restricting process spawning very useful S

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 09:54, Ilia A. wrote: > > Now you are really starting to stretch it. I am sure the ratio of > > customers that have db backends are much smaller than general webhosting > > customers > > PHP is very commonly used with a database (MySQL). I'd venture to say that 70% > of peo

Re: [PHP-DEV] Safe Mode

I very much agree : ) -Jason On Mon, 2002-05-13 at 03:42, veins wrote: > > He has a point in the sense that it's trivially easy to starve a PHP based > > web server from within, safe mode enabled or not. What you describe as > the > > automated way in which the web server will overcome this att

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 04:11, Zeev Suraski wrote: > At 11:42 13/05/2002, veins wrote: > > > He has a point in the sense that it's trivially easy to starve a PHP based > > > web server from within, safe mode enabled or not. What you describe as > >the > > > automated way in which the web server wil

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 03:13, Zeev Suraski wrote: > Jason, > > He has a point in the sense that it's trivially easy to starve a PHP based > web server from within, safe mode enabled or not. What you describe as the > automated way in which the web server will overcome this attack is not > real

Re: [PHP-DEV] Safe Mode

Rasmus Lerdorf wrote: >> PHP being a web server scripting language is a unique case, for example >> consider that once apache 2.0 becomes stable, safe_mode will become >> obsolete, on the other hand the situation described here will become >> quite deadly if some sort of threaded mode is used. So

Re: [PHP-DEV] Safe Mode

Jason Greene wrote: > >> while(1) fopen(rand(), "w"); >> >> After a few seconds depending on system speed system will run out of file >> pointers. I am sure you can see how that would be BAD. > > You are _extremely_ incorrect. The previously mentioned code would open > 1 file descriptor repeat

Re: [PHP-DEV] Safe Mode

> PHP being a web server scripting language is a unique case, for example > consider that once apache 2.0 becomes stable, safe_mode will become > obsolete, on the other hand the situation described here will become quite > deadly if some sort of threaded mode is used. So FD limit would because > q

Re: [PHP-DEV] Safe Mode

Rasmus Lerdorf wrote: >> Heh, I am certain that most ISPs admins are not subscribed to the >> development list of every software they are running, monitoring such >> lists would be near impossible due to large cumulative volume of email. I >> am sure some IPSs will do exactly what you suggest and

Re: [PHP-DEV] Safe Mode

> Now you are really starting to stretch it. I am sure the ratio of > customers that have db backends are much smaller than general webhosting > customers PHP is very commonly used with a database (MySQL). I'd venture to say that 70% of people who actively use PHP use it with MySQL or another da

Re: [PHP-DEV] Safe Mode

On May 13, 2002 04:42 am, veins wrote: > > He has a point in the sense that it's trivially easy to starve a PHP > > based web server from within, safe mode enabled or not. What you > > describe as > > the > > > automated way in which the web server will overcome this attack is not > > realistic -

Re: [PHP-DEV] Safe Mode

I don't like safe mode and I don't use it on any of my systems and manage to convince most of my customers not to use it either. However, I happen to write distributable software written in PHP and had on more then 1 occassion came across systems with safe_mode enabled. While writing the code t

Re: [PHP-DEV] Safe Mode

IMHO this is the path we should pursue for PHP 5.0. - Stig On Mon, 2002-05-13 at 00:53, Shane Caraveo wrote: > FastCGI can provide the security needed in shared environments, without > loosing all the performance. I don't beleive it is fast as direct > server plugins, but there are other ben

Re: [PHP-DEV] Safe Mode

Not for every user, but you can at least chroot people away to the same dir where they can not do local server hacks. I was _not_ suggesting that you set up five million chroot environments. :-) But, you said yourself that you bailed out on safe mode and went for a cgi setup. So that means exec

Re: [PHP-DEV] Safe Mode

On 12 May 2002 23:42:21 +0200 "Stig S. Bakken" <[EMAIL PROTECTED]> wrote: > Well, as long as there is exec(2), there is a way. How many users do > Lycos Europe provide sandboxed PHP for? heya, We provide php for roughly 5 000 000 users, and it's growing everyday by 5000 approximately. Chroot

Re: [PHP-DEV] Safe Mode

At 11:42 13/05/2002, veins wrote: > > He has a point in the sense that it's trivially easy to starve a PHP based > > web server from within, safe mode enabled or not. What you describe as >the > > automated way in which the web server will overcome this attack is not > > realistic - pretty quickl

Re: [PHP-DEV] Safe Mode

Jason, He has a point in the sense that it's trivially easy to starve a PHP based web server from within, safe mode enabled or not. What you describe as the automated way in which the web server will overcome this attack is not realistic - pretty quickly, the web server would hit the maximum

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 00:41, Ilia A. wrote: > > disable_functions = sleep > > Ah but you forgot usleep, and flock() and socket_set_limit etc... > Soon enough you'll disable every function. Not likely, and I wouldn't disable every single function. You complained about the ability, I provided you

Re: [PHP-DEV] Safe Mode

> disable_functions = sleep Ah but you forgot usleep, and flock() and socket_set_limit etc... Soon enough you'll disable every function. And when you do, I'll still be able to deadlock a PHP process by making it excute a query on a locked SQL table, thus end up waiting forever for the lock to

Re: [PHP-DEV] Safe Mode

On Sun, 2002-05-12 at 23:38, Ilia A. wrote: > > Really, what is that line? > > sleep(1000); > > If you insist on being creative you can use file locking or sockets to get the > process in to un-interuptible sleep. > > > I would take a bet that it probably has > > nothing to do with safe m

Re: [PHP-DEV] Safe Mode

> Really, what is that line? sleep(1000); If you insist on being creative you can use file locking or sockets to get the process in to un-interuptible sleep. > I would take a bet that it probably has > nothing to do with safe mode, and would work regardless of it being in > the language..

Re: [PHP-DEV] Safe Mode

On Sun, 2002-05-12 at 22:46, Ilia A. wrote: > > However, quite frankly, this is a lame attack, because all it will do is > > consume file descriptors for only the CHILD process the script is > > running in. The script will then hit the fd limit of the child process > > (most systems around 255 is

Re: [PHP-DEV] Safe Mode

> However, quite frankly, this is a lame attack, because all it will do is > consume file descriptors for only the CHILD process the script is > running in. The script will then hit the fd limit of the child process > (most systems around 255 is the default) This will not hurt the process, > becau

Re: [PHP-DEV] Safe Mode

> while(1) fopen(rand(), "w"); > > After a few seconds depending on system speed system will run out of file > pointers. I am sure you can see how that would be BAD. You are _extremely_ incorrect. The previously mentioned code would open 1 file descriptor repeatedly until the script hit max ex

Re: [PHP-DEV] Safe Mode

> > 2. Pitch in and get Apache 2's perchild mpm up to snuff. There are > >all sorts of other issues associated with this option though, like > >needing to make sure all the stuff we link against is threadsafe. > > Actually this isn't as bad as it sounds. I've been doing some of the > work

Re: [PHP-DEV] Safe Mode

FastCGI can provide the security needed in shared environments, without loosing all the performance. I don't beleive it is fast as direct server plugins, but there are other benefits...such as running PHP single threaded to avoid thread issues. It would be nice to see it become a standard co

Re: [PHP-DEV] Safe Mode

On Sun, May 12, 2002 at 02:52:24PM -0700, Rasmus Lerdorf wrote: ... > 2. Pitch in and get Apache 2's perchild mpm up to snuff. There are >all sorts of other issues associated with this option though, like >needing to make sure all the stuff we link against is threadsafe. Actually this is

Re: [PHP-DEV] Safe Mode

It may not be the fastest solution, but certainly a secure one. It is up to each admin to decide whether they want speed or security, I am sure the security minded ISPs probably would prefer a small performance loss over security & integrity of their customer's data. Ilia On May 12, 2002 05:4

Re: [PHP-DEV] Safe Mode

Instead of just giving up on the problem, perhaps we should go into full attack mode. I see a couple of choices (and there are probably others): 1. Review and push open_basedir as the PHP-based jail mechanism 2. Pitch in and get Apache 2's perchild mpm up to snuff. There are all sorts of ot

Re: [PHP-DEV] Safe Mode

Ok, but dropping to CGI is kind of crappy. Especially on a really busy server. On 12 May 2002, Stig S. Bakken wrote: > Well, as long as there is exec(2), there is a way. How many users do > Lycos Europe provide sandboxed PHP for? > > - Stig > > On Sun, 2002-05-12 at 23:37, Rasmus Lerdorf wrot

Re: [PHP-DEV] Safe Mode

Well, as long as there is exec(2), there is a way. How many users do Lycos Europe provide sandboxed PHP for? - Stig On Sun, 2002-05-12 at 23:37, Rasmus Lerdorf wrote: > But for really large shared hosts, I don't think that is feasible. How > are you going set up 100,000 prisons on a server? >

Re: [PHP-DEV] Safe Mode

But for really large shared hosts, I don't think that is feasible. How are you going set up 100,000 prisons on a server? > I'm +1 on removing safe mode in PHP 5, and encourage the use of > system-level sandboxes/prisons instead. > > - Stig > > On Sat, 2002-05-11 at 17:39, Ilia A. wrote: > > In

Re: [PHP-DEV] Safe Mode

I'm +1 on removing safe mode in PHP 5, and encourage the use of system-level sandboxes/prisons instead. - Stig On Sat, 2002-05-11 at 17:39, Ilia A. wrote: > In the process of writing an installer in PHP for one of my projects I've come > in contact with a number of servers running PHP with saf

Re: [PHP-DEV] Safe Mode

On May 11, 2002 06:56 pm, Chand wrote: > The solution we've chosen is to have a cgi php binary instead of a > module for security stuff. The main reason to do so was to have the > user-created file have the user's uid. We had to suid the php binary and > setuid() the process to the script's uid,

Re: [PHP-DEV] Safe Mode

On Sat, 2002-05-11 at 19:27, Zeev Suraski wrote: > At 20:17 11/05/2002, Rasmus Lerdorf wrote: > > > Ideally every ISP would use it and each virtual host would have such a > > > directory. In reality I've set to see a SINGLE ISP that has used that > > option. > > > In fact I didn't know about it m

Re: [PHP-DEV] Safe Mode

> Heh, I am certain that most ISPs admins are not subscribed to the development > list of every software they are running, monitoring such lists would be near > impossible due to large cumulative volume of email. I am sure some IPSs will > do exactly what you suggest and disable the function, but

Re: [PHP-DEV] Safe Mode

> None in this case, but that has nothing to do with the problem. That is > obviously a bug. Did you submit it? Bug Report #17155 :) >The fact is that the problem cannot be > solved purely by UNIX-level permissions. Things like safe-mode or > open_basedir are needed. > > And the ISP that is on

Re: [PHP-DEV] Safe Mode

> > Yes, but safe_mode guards against one user getting at another's user's > > data. So again, I fail to see your point here. > > No offence but this bullshit. > > On a system with safe_mode > show_source("/etc/passwd"); > ?> > > Works!! What data did you protect?! None in this case, but that h

Re: [PHP-DEV] Safe Mode

> > > > That's not really a PHP issue. Many ISP's turn off cgi-bin access so > > > in those cases that won't work. > > > > Cerainly some ISPs do that, but most do offer cgi-bin directories in > > addition to PHP, because many of their customers rely on perl/c etc.. > > scripts that can be run via

Re: [PHP-DEV] Safe Mode

Zeev Suraski wrote: > At 20:17 11/05/2002, Rasmus Lerdorf wrote: > >> > Ideally every ISP would use it and each virtual host would have such a >> > directory. In reality I've set to see a SINGLE ISP that has used >> that option. >> > In fact I didn't know about it myself until you told me about

Re: [PHP-DEV] Safe Mode

At 20:17 11/05/2002, Rasmus Lerdorf wrote: > > Ideally every ISP would use it and each virtual host would have such a > > directory. In reality I've set to see a SINGLE ISP that has used that > option. > > In fact I didn't know about it myself until you told me about on IRC. > >Well, it is well d

Re: [PHP-DEV] Safe Mode

> What is the point of limiting the script's write access if it can just bypass > that by making a copy of itself? This merely adds an annoyance step for the > programmer. If user joe makes a copy of his script so it now is owned by nobody, it still doesn't let him read user bob's scripts. > > T

Re: [PHP-DEV] Safe Mode

On May 11, 2002 11:35 am, you wrote: > > There are numerous ways to bypass it, rely on file system utils if they > > are in the path, > > Won't work. > > > make the script copy itself and then write stuff as webserver, > > You always write stuff as web server What is the point of limiting the scr

Re: [PHP-DEV] Safe Mode

> There are numerous ways to bypass it, rely on file system utils if they are in > the path, Won't work. > make the script copy itself and then write stuff as webserver, You always write stuff as web server > install a small script into cgi-bin directory that will do the same thing That's not

Re: [PHP-DEV] Safe Mode

> If the safe_mode like functionality remains it should simply block all file > system and shell execution code since with it most of that code becomes > useless anyway. It already does this. You can only execute things in the safe_mode_exec_dir. -Rasmus -- PHP Development Mailing List

[PHP-DEV] Safe Mode

In the process of writing an installer in PHP for one of my projects I've come in contact with a number of servers running PHP with safe_mode enabled. As you can probably imagine the installer at first broke completely because of safe_mode restrictions. Despite the restriction I was able to wri

Re: [PHP-DEV] Safe mode hole in mail()

On Mon, 2 Jul 2001, Jan Lehnardt wrote: > Hi, > has this been recognized already? a quick look on the archives said no. Yes, this is valid. I will fix this tonight. (The first problem) Derick > > > Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > Precedence: bulk > List-Id: > List-Pos

[PHP-DEV] Safe mode hole in mail()

Hi, has this been recognized already? a quick look on the archives said no. Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Unsubscribe: List-Subscribe:

[PHP-DEV] Safe mode issues

Release: CVS tree 2001-03-21 and php4.0.4-pl1 Some remarks about missed funzionality and bugs fopen function, even in read mode miserably fails on any file not owned by the script owner even if the the web server process owner has read permissions, on it. As any file created by php is owned by th