Re: [PHP-DEV] Safe Mode Off

Thanks Mike, but I m facing a problem in uploading files through PHP and i don't have xs to php.ini so i was wondering if something can help b4 i ask server ppl. Cheers! Shashwat "Mike Hall" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You don't... for t

Re: [PHP-DEV] Safe Mode Off

You don't... for that would be a profoundly stupid feature, defeating the point of safe mode. And I suspect [EMAIL PROTECTED] would be a better place for this question --- Original Message --- From:"Shashwat Nagpal" <[EMAIL PROTECTED]> To: [EMAIL P

Re: [PHP-DEV] Safe Mode

On Fri, May 17, 2002 at 03:46:42AM +0300, Zeev Suraski wrote: > In a perfect world, ISPs would have used chroot'd environments always, > running either CGI's We do. On earth. Kristian -- Kristian Köhntopp, NetUSE AG, Dr.-Hell-Straße, D-24107 Kiel Tel: +49 431 386 435 00, Fax: +49 431 386 435

Re: [PHP-DEV] Safe Mode

At 04:38 PM 5/13/2002, Jason T. Greene wrote: > > I do, for two simple reasons: > > - Misperception about what it's supposed to do - it does NOT secure your > > environment, people expect it to. That's a 'marketing' issue, but we > > should realize that these kinds of issues are at least as imp

Re: [PHP-DEV] Safe Mode

On Mon, May 13, 2002 at 08:38:13AM -0500, Jason T. Greene wrote : > I get the feeling that you are mainly arguing the marketing perspective. > > : ) > > > I completely agree that safe mode is badly named. However, I still find > uid checking, and restricting process spawning very useful S

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 09:54, Ilia A. wrote: > > Now you are really starting to stretch it. I am sure the ratio of > > customers that have db backends are much smaller than general webhosting > > customers > > PHP is very commonly used with a database (MySQL). I'd venture to say that 70% > of peo

Re: [PHP-DEV] Safe Mode

I very much agree : ) -Jason On Mon, 2002-05-13 at 03:42, veins wrote: > > He has a point in the sense that it's trivially easy to starve a PHP based > > web server from within, safe mode enabled or not. What you describe as > the > > automated way in which the web server will overcome this att

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 04:11, Zeev Suraski wrote: > At 11:42 13/05/2002, veins wrote: > > > He has a point in the sense that it's trivially easy to starve a PHP based > > > web server from within, safe mode enabled or not. What you describe as > >the > > > automated way in which the web server wil

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 03:13, Zeev Suraski wrote: > Jason, > > He has a point in the sense that it's trivially easy to starve a PHP based > web server from within, safe mode enabled or not. What you describe as the > automated way in which the web server will overcome this attack is not > real

Re: [PHP-DEV] Safe Mode

Rasmus Lerdorf wrote: >> PHP being a web server scripting language is a unique case, for example >> consider that once apache 2.0 becomes stable, safe_mode will become >> obsolete, on the other hand the situation described here will become >> quite deadly if some sort of threaded mode is used. So

Re: [PHP-DEV] Safe Mode

Jason Greene wrote: > >> while(1) fopen(rand(), "w"); >> >> After a few seconds depending on system speed system will run out of file >> pointers. I am sure you can see how that would be BAD. > > You are _extremely_ incorrect. The previously mentioned code would open > 1 file descriptor repeat

Re: [PHP-DEV] Safe Mode

> PHP being a web server scripting language is a unique case, for example > consider that once apache 2.0 becomes stable, safe_mode will become > obsolete, on the other hand the situation described here will become quite > deadly if some sort of threaded mode is used. So FD limit would because > q

Re: [PHP-DEV] Safe Mode

Rasmus Lerdorf wrote: >> Heh, I am certain that most ISPs admins are not subscribed to the >> development list of every software they are running, monitoring such >> lists would be near impossible due to large cumulative volume of email. I >> am sure some IPSs will do exactly what you suggest and

Re: [PHP-DEV] Safe Mode

> Now you are really starting to stretch it. I am sure the ratio of > customers that have db backends are much smaller than general webhosting > customers PHP is very commonly used with a database (MySQL). I'd venture to say that 70% of people who actively use PHP use it with MySQL or another da

Re: [PHP-DEV] Safe Mode

On May 13, 2002 04:42 am, veins wrote: > > He has a point in the sense that it's trivially easy to starve a PHP > > based web server from within, safe mode enabled or not. What you > > describe as > > the > > > automated way in which the web server will overcome this attack is not > > realistic -

Re: [PHP-DEV] Safe Mode

I don't like safe mode and I don't use it on any of my systems and manage to convince most of my customers not to use it either. However, I happen to write distributable software written in PHP and had on more then 1 occassion came across systems with safe_mode enabled. While writing the code t

Re: [PHP-DEV] Safe Mode

IMHO this is the path we should pursue for PHP 5.0. - Stig On Mon, 2002-05-13 at 00:53, Shane Caraveo wrote: > FastCGI can provide the security needed in shared environments, without > loosing all the performance. I don't beleive it is fast as direct > server plugins, but there are other ben

Re: [PHP-DEV] Safe Mode

Not for every user, but you can at least chroot people away to the same dir where they can not do local server hacks. I was _not_ suggesting that you set up five million chroot environments. :-) But, you said yourself that you bailed out on safe mode and went for a cgi setup. So that means exec

Re: [PHP-DEV] Safe Mode

On 12 May 2002 23:42:21 +0200 "Stig S. Bakken" <[EMAIL PROTECTED]> wrote: > Well, as long as there is exec(2), there is a way. How many users do > Lycos Europe provide sandboxed PHP for? heya, We provide php for roughly 5 000 000 users, and it's growing everyday by 5000 approximately. Chroot

Re: [PHP-DEV] Safe Mode

At 11:42 13/05/2002, veins wrote: > > He has a point in the sense that it's trivially easy to starve a PHP based > > web server from within, safe mode enabled or not. What you describe as >the > > automated way in which the web server will overcome this attack is not > > realistic - pretty quickl

Re: [PHP-DEV] Safe Mode

Jason, He has a point in the sense that it's trivially easy to starve a PHP based web server from within, safe mode enabled or not. What you describe as the automated way in which the web server will overcome this attack is not realistic - pretty quickly, the web server would hit the maximum

Re: [PHP-DEV] Safe Mode

On Mon, 2002-05-13 at 00:41, Ilia A. wrote: > > disable_functions = sleep > > Ah but you forgot usleep, and flock() and socket_set_limit etc... > Soon enough you'll disable every function. Not likely, and I wouldn't disable every single function. You complained about the ability, I provided you

Re: [PHP-DEV] Safe Mode

> disable_functions = sleep Ah but you forgot usleep, and flock() and socket_set_limit etc... Soon enough you'll disable every function. And when you do, I'll still be able to deadlock a PHP process by making it excute a query on a locked SQL table, thus end up waiting forever for the lock to

Re: [PHP-DEV] Safe Mode

On Sun, 2002-05-12 at 23:38, Ilia A. wrote: > > Really, what is that line? > > sleep(1000); > > If you insist on being creative you can use file locking or sockets to get the > process in to un-interuptible sleep. > > > I would take a bet that it probably has > > nothing to do with safe m

Re: [PHP-DEV] Safe Mode

> Really, what is that line? sleep(1000); If you insist on being creative you can use file locking or sockets to get the process in to un-interuptible sleep. > I would take a bet that it probably has > nothing to do with safe mode, and would work regardless of it being in > the language..

Re: [PHP-DEV] Safe Mode

On Sun, 2002-05-12 at 22:46, Ilia A. wrote: > > However, quite frankly, this is a lame attack, because all it will do is > > consume file descriptors for only the CHILD process the script is > > running in. The script will then hit the fd limit of the child process > > (most systems around 255 is

Re: [PHP-DEV] Safe Mode

> However, quite frankly, this is a lame attack, because all it will do is > consume file descriptors for only the CHILD process the script is > running in. The script will then hit the fd limit of the child process > (most systems around 255 is the default) This will not hurt the process, > becau

Re: [PHP-DEV] Safe Mode

> while(1) fopen(rand(), "w"); > > After a few seconds depending on system speed system will run out of file > pointers. I am sure you can see how that would be BAD. You are _extremely_ incorrect. The previously mentioned code would open 1 file descriptor repeatedly until the script hit max ex

Re: [PHP-DEV] Safe Mode

> > 2. Pitch in and get Apache 2's perchild mpm up to snuff. There are > >all sorts of other issues associated with this option though, like > >needing to make sure all the stuff we link against is threadsafe. > > Actually this isn't as bad as it sounds. I've been doing some of the > work

Re: [PHP-DEV] Safe Mode

FastCGI can provide the security needed in shared environments, without loosing all the performance. I don't beleive it is fast as direct server plugins, but there are other benefits...such as running PHP single threaded to avoid thread issues. It would be nice to see it become a standard co

Re: [PHP-DEV] Safe Mode

On Sun, May 12, 2002 at 02:52:24PM -0700, Rasmus Lerdorf wrote: ... > 2. Pitch in and get Apache 2's perchild mpm up to snuff. There are >all sorts of other issues associated with this option though, like >needing to make sure all the stuff we link against is threadsafe. Actually this is

Re: [PHP-DEV] Safe Mode

It may not be the fastest solution, but certainly a secure one. It is up to each admin to decide whether they want speed or security, I am sure the security minded ISPs probably would prefer a small performance loss over security & integrity of their customer's data. Ilia On May 12, 2002 05:4

Re: [PHP-DEV] Safe Mode

Instead of just giving up on the problem, perhaps we should go into full attack mode. I see a couple of choices (and there are probably others): 1. Review and push open_basedir as the PHP-based jail mechanism 2. Pitch in and get Apache 2's perchild mpm up to snuff. There are all sorts of ot

Re: [PHP-DEV] Safe Mode

Ok, but dropping to CGI is kind of crappy. Especially on a really busy server. On 12 May 2002, Stig S. Bakken wrote: > Well, as long as there is exec(2), there is a way. How many users do > Lycos Europe provide sandboxed PHP for? > > - Stig > > On Sun, 2002-05-12 at 23:37, Rasmus Lerdorf wrot

Re: [PHP-DEV] Safe Mode

Well, as long as there is exec(2), there is a way. How many users do Lycos Europe provide sandboxed PHP for? - Stig On Sun, 2002-05-12 at 23:37, Rasmus Lerdorf wrote: > But for really large shared hosts, I don't think that is feasible. How > are you going set up 100,000 prisons on a server? >

Re: [PHP-DEV] Safe Mode

But for really large shared hosts, I don't think that is feasible. How are you going set up 100,000 prisons on a server? > I'm +1 on removing safe mode in PHP 5, and encourage the use of > system-level sandboxes/prisons instead. > > - Stig > > On Sat, 2002-05-11 at 17:39, Ilia A. wrote: > > In

Re: [PHP-DEV] Safe Mode

I'm +1 on removing safe mode in PHP 5, and encourage the use of system-level sandboxes/prisons instead. - Stig On Sat, 2002-05-11 at 17:39, Ilia A. wrote: > In the process of writing an installer in PHP for one of my projects I've come > in contact with a number of servers running PHP with saf

Re: [PHP-DEV] Safe Mode

On May 11, 2002 06:56 pm, Chand wrote: > The solution we've chosen is to have a cgi php binary instead of a > module for security stuff. The main reason to do so was to have the > user-created file have the user's uid. We had to suid the php binary and > setuid() the process to the script's uid,

Re: [PHP-DEV] Safe Mode

On Sat, 2002-05-11 at 19:27, Zeev Suraski wrote: > At 20:17 11/05/2002, Rasmus Lerdorf wrote: > > > Ideally every ISP would use it and each virtual host would have such a > > > directory. In reality I've set to see a SINGLE ISP that has used that > > option. > > > In fact I didn't know about it m

Re: [PHP-DEV] Safe Mode

> Heh, I am certain that most ISPs admins are not subscribed to the development > list of every software they are running, monitoring such lists would be near > impossible due to large cumulative volume of email. I am sure some IPSs will > do exactly what you suggest and disable the function, but

Re: [PHP-DEV] Safe Mode

> None in this case, but that has nothing to do with the problem. That is > obviously a bug. Did you submit it? Bug Report #17155 :) >The fact is that the problem cannot be > solved purely by UNIX-level permissions. Things like safe-mode or > open_basedir are needed. > > And the ISP that is on

Re: [PHP-DEV] Safe Mode

> > Yes, but safe_mode guards against one user getting at another's user's > > data. So again, I fail to see your point here. > > No offence but this bullshit. > > On a system with safe_mode > show_source("/etc/passwd"); > ?> > > Works!! What data did you protect?! None in this case, but that h

Re: [PHP-DEV] Safe Mode

> > > > That's not really a PHP issue. Many ISP's turn off cgi-bin access so > > > in those cases that won't work. > > > > Cerainly some ISPs do that, but most do offer cgi-bin directories in > > addition to PHP, because many of their customers rely on perl/c etc.. > > scripts that can be run via

Re: [PHP-DEV] Safe Mode

Zeev Suraski wrote: > At 20:17 11/05/2002, Rasmus Lerdorf wrote: > >> > Ideally every ISP would use it and each virtual host would have such a >> > directory. In reality I've set to see a SINGLE ISP that has used >> that option. >> > In fact I didn't know about it myself until you told me about

Re: [PHP-DEV] Safe Mode

At 20:17 11/05/2002, Rasmus Lerdorf wrote: > > Ideally every ISP would use it and each virtual host would have such a > > directory. In reality I've set to see a SINGLE ISP that has used that > option. > > In fact I didn't know about it myself until you told me about on IRC. > >Well, it is well d

Re: [PHP-DEV] Safe Mode

> What is the point of limiting the script's write access if it can just bypass > that by making a copy of itself? This merely adds an annoyance step for the > programmer. If user joe makes a copy of his script so it now is owned by nobody, it still doesn't let him read user bob's scripts. > > T

Re: [PHP-DEV] Safe Mode

On May 11, 2002 11:35 am, you wrote: > > There are numerous ways to bypass it, rely on file system utils if they > > are in the path, > > Won't work. > > > make the script copy itself and then write stuff as webserver, > > You always write stuff as web server What is the point of limiting the scr

Re: [PHP-DEV] Safe Mode

> There are numerous ways to bypass it, rely on file system utils if they are in > the path, Won't work. > make the script copy itself and then write stuff as webserver, You always write stuff as web server > install a small script into cgi-bin directory that will do the same thing That's not

Re: [PHP-DEV] Safe Mode

> If the safe_mode like functionality remains it should simply block all file > system and shell execution code since with it most of that code becomes > useless anyway. It already does this. You can only execute things in the safe_mode_exec_dir. -Rasmus -- PHP Development Mailing List

Re: [PHP-DEV] Safe mode hole in mail()

On Mon, 2 Jul 2001, Jan Lehnardt wrote: > Hi, > has this been recognized already? a quick look on the archives said no. Yes, this is valid. I will fix this tonight. (The first problem) Derick > > > Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm > Precedence: bulk > List-Id: > List-Pos