ID: 8963
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Status: Open
Old-Bug Type: *Configuration Issues
Bug Type: Feature/Change Request
Assigned To:
Comments:

safe_mode has to be rewritten anyway... reclassified as feature/change request.

--Jani

Previous Comments:
---------------------------------------------------------------------------

[2001-01-28 05:36:44] [EMAIL PROTECTED]

When I set include_path = ".:/usr/share/php" to access shared libraries and safe_mode = On is set, users cannot use files in /usr/share/php, just because there is a userid check in main/fopen_wrappers.c. It means in safe mode you can include files with the same owner userid only, as the controlling file (e.g. the one which contains that include or require).

My opinion: checks, mandatory blockings and security enhancements should be distinguished via a new entry in php.ini.

Excerpt of my previous mail:

Check/block summary

env.var block:
- AUTHORIZATION (only in apache SAPI)

function block:
- dl
- set_time_limit

function restrictions:
- safe_mode_allowed_env_vars
- safe_mode_protected_env_vars

privileges
- sanity checks
  mkdir, rmdir, rename, unlink, copy, chkgrp, chown, chmod, touch, symlink, link, mkfifo, pg_loimport, filepro, filepro_rowcount, filepro_retrieve, dbase_open, dbase_create, dbmopen
- special access permissions block
  chmod
- userid checks
  fopen

Conclusion

Some things are must-have in safe_mode, but I would put its own flag for each type (well, the privilege sanity checks don't do any bad, so this type doesn't need another flag).

---------------------------------------------------------------------------

Full Bug description available at: http://bugs.php.net/?id=8963
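The interaction the report describes, as an added illustration that is not code from PHP or from the reporter: an include is resolved through include_path, then rejected because the shared file's owner differs from the script's owner. The function names, the result codes and the rule that the search stops at the first existing file are assumptions of this sketch; a temporary directory stands in for /usr/share/php.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum inc_result { INC_OK, INC_NOT_FOUND, INC_UID_DENIED };

/* Hypothetical model, not PHP source: walk a colon-separated include_path,
 * take the first entry where `name` exists, then apply the owner-uid check. */
enum inc_result safe_mode_include(const char *include_path, const char *name,
                                  uid_t script_uid, int safe_mode) {
    char candidate[512];
    struct stat st;
    for (const char *p = include_path; *p; ) {
        size_t n = strcspn(p, ":");
        int w = snprintf(candidate, sizeof candidate, "%.*s/%s", (int)n, p, name);
        if (n > 0 && w > 0 && (size_t)w < sizeof candidate && stat(candidate, &st) == 0) {
            /* The check from the report: file owner must equal the script's owner. */
            if (safe_mode && st.st_uid != script_uid)
                return INC_UID_DENIED;
            return INC_OK;
        }
        p += n + (p[n] == ':');   /* skip this entry and its separator */
    }
    return INC_NOT_FOUND;
}

/* Constructed scenario: the library file is owned by our effective uid. */
int demo(uid_t script_uid, int safe_mode) {
    char dir[] = "/tmp/sm_demo_XXXXXX", file[64], path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/sm_demo_lib.php", dir);
    FILE *f = fopen(file, "w");
    if (f) fclose(f);
    snprintf(path, sizeof path, ".:%s", dir);   /* same shape as ".:/usr/share/php" */
    int r = f ? (int)safe_mode_include(path, "sm_demo_lib.php", script_uid, safe_mode) : -1;
    unlink(file);
    rmdir(dir);
    return r;
}

int main(void) {
    uid_t me = geteuid();
    printf("same owner: %d, other owner: %d, safe_mode off: %d\n",
           demo(me, 1), demo(me + 1, 1), demo(me + 1, 0));
    return 0;
}
```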