ID: 8963
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Status: Open
Old-Bug Type: *Configuration Issues
Bug Type: Feature/Change Request
Assigned To:
Comments:
safe_mode has to be rewritten anyway..reclassified as feature/change request.
--Jani
Previous Comments:
---------------------------------------------------------------------------
[2001-01-28 05:36:44] [EMAIL PROTECTED]
When I set
include_path = ".:/usr/share/php"
to access shared libraries and
safe_mode = On
is set, users cannot use files in /usr/share/php, just because there're userid check
in main/fopen_wrappers.c. It means in safe mode you can include files with the same
owner userid only, as the controlling file (eg. which contains that include or
require).
My opinion: checks, mandatory blockings and security enhancements should be
distinguished via a new entry in php.ini.
Excerpt of my previous mail:
Check/block summary
env.var block:
- AUTHORIZATION (only in apache SAPI)
function block:
- dl
- set_time_limit
function restrictions:
- safe_mode_allowed_env_vars
- safe_mode_protected_env_vars
privileges
- sanity checks
mkdir, rmdir, rename, unlink, copy, chkgrp, chown, chmod, touch,
symlink, link, mkfifo, pg_loimport, filepro, filepro_rowcount,
filepro_retrieve, dbase_open, dbase_create, dbmopen
- special access permissions block
chmod
- userid checks
fopen
Conclusion
Some things are must-have in safe_mode, but I would put an own flag for each type
(well, the privilege sanity checks don't do any bad, so this type doesn't need another
flag).
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=8963
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
