Re: [PHP] Safe mode story
On May 11, 2008, at 12:06 AM, admin wrote:

> [snip!]
> Safe mode has _got_ to be there for some good reason.

Read on about PHP6
http://www.ibm.com/developerworks/opensource/library/os-php-future/?ca=dgr-lnxw01PHP-Future

Scroll down to where the title is Things removed - notice that 'safe_mode' is listed. It may have been put in originally for a good reason, but since then deprecated.

HTH,
~Philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Safe mode story
You could try having apache run as the UID of the user. With a few modifications to apache site config and you should be golden!

HTH,
Wolf

-----Original Message-----
From: admin [EMAIL PROTECTED]
Sent: Sunday, May 11, 2008 1:06 AM
To: php-general@lists.php.net
Subject: [PHP] Safe mode story

Hi all,

I'm running a Plesk 8.3 mass hosting server equipped with PHP 5.1.6 on CentOS 5, and I'm facing the problem of PHP Safe mode barfing at the UID mismatch of PHP scripts uploaded by user's FTP UID, and later executed by Apache UID, where user's PHP scripts thusly uploaded attempt to write any files while doing their job. Is there an educated solution?

What if I relax safe mode checks to gid (safe_mode_gid=On), and given that GID is psacln for every Plesk-hosted customer, with only UIDs being different, is there any risk that folks operating on their own chmod 660 files will be able to overwrite other people's chmod 660 files? Or will open_basedir be enough to prevent unwanted PHP level file access while relaxing safe mode uid check at the same time? (by default, it is properly set by Plesk in %mysite%/conf/httpd.include) ?

BTW, safe_mode_exec_dir is empty by default, does it mean if I do set safe_mode_gid then users will be able to exec other Plesk users' cgi-bin scripts etc. because of GIDs being equal??

Safe mode has _got_ to be there for some good reason.

Thanks in advance for any tips.

--
[The entire original message is not included]
Re: [PHP] safe mode question
Your php.ini should have root as its owner and be set to 600, if you're using apache server then apache must start as root, the php.ini file is read only once by root when the server starts - so that setting should not cause problems, however if using the cli then you should also make /etc/php.ini readable by all other users (permissions 644).

Not sure why the suse folks would put both --enable-cli and --disable-cli but I notice they also have --with-pear and --without-pear, which takes precedence I'm not completely sure but would think the last one would so you probably have pear and the cli installed despite the --disable and --without lines, if I remember correctly the cli is required to use pear so --disable-cli would force --without-pear, I would suggest you compile your own version.

~James

(Robin) wrote:
> Doh - I figured it out (for those who were interested). The permissions on /etc/php.ini was set to 600 (owner == root). Changing this to other read, fixes the issue. Any idea why Suse would do this?
>
> Thanks
> -robin
Re: [PHP] safe mode question
Doh - I figured it out (for those who were interested). The permissions on /etc/php.ini was set to 600 (owner == root). Changing this to other read, fixes the issue. Any idea why Suse would do this?

Thanks
-robin
RE: [PHP] safe mode
-----Original Message-----
From: Bostjan Skufca @ domenca.com [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 28, 2005 1:38 PM

> > I would *never* host anything on a server with safe_mode on!
>
> What are your reasons for this decision?

I corrected it in a mail 5 minutes after. With safe_mode off this is possible

System("cat /home/Bostjan/include/db_setup.inc");

From any php script and any user. One should be protected by safe_mode_gid and safe_mode_include_dir, but I've seen several examples of hosting setups that allow complete access to another user's directory.

With safe_mode on I'm more safe and so are my customers ;-)

--
Med venlig hilsen / best regards
ComX Networks A/S
Kim Madsen
Systemudvikler/Systemdeveloper
Re: [PHP] Safe mode subdirectory workaround patch
Bostjan Skufca wrote:
> Hi everyone,
>
> I created a patch which enables subdirectories to be created and used even if PHP is running with safe mode enabled (common problem on shared hosts where Apache/PHP runs as user 'nobody' or 'www').
>
> Patch can be found here:
> http://www.lenivec.com/php/patches/
>
> Comments are welcome!

Not to dismiss the work you've put into this, but how does a user in a shared hosting environment apply this patch and re-compile php?

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
RE: [PHP] safe mode
-----Original Message-----
From: Ryan A [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 6:29 PM

> I presently require hosting with a company that has their servers in Sweden, and I need a shared hosting account, any recommendations are welcome, the server is for a client.
>
> I have found quite a few via google but I noticed most of them are with Safemode ON and Register_globals ON which I find to be quite strange because I have always hosted on a regular server with safe mode off, register_globals does not really matter, as if it was off I didn't do anything but if it was on I used a htaccess file to put the b**ch off :-)
>
> I have done a little reading on Safe Mode, but I'm looking for _your_ experiences with safe mode and the problems you have faced or/and any warnings for me.
>
> Will continue to read and search via google while I wait for your answer/s.

I would *never* host anything on a server with safe_mode on!

System("cat /home/USER/include/db_setup.inc");

--
Med venlig hilsen / best regards
ComX Networks A/S
Kim Madsen
Systemudvikler/Systemdeveloper
RE: [PHP] safe mode
Ahem!

-----Original Message-----
From: Kim Madsen [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 28, 2005 12:01 PM

> I would *never* host anything on a server with safe_mode on!

s/safe_mode on/safe_mode off/

/Kim
RE: [PHP] safe mode
Hey Kim,

> I would *never* host anything on a server with safe_mode on!

Just 1 day late :-( just bought hosting for a year with b-one.se :-(

What are the main reasons you would never host with safe mode on?

And what's this: s/safe_mode on/safe_mode off/ ??

Thanks,
Ryan
Re: [PHP] safe mode
-----Original Message-----
From: Kim Madsen [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 28, 2005 12:01 PM

> I would *never* host anything on a server with safe_mode on!

What are your reasons for this decision?

regards,
Bostjan
RE: [PHP] SAFE MODE Restriction - mkdir()
On 25 November 2004 00:47, SED wrote:

> Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it based on type of the function?

It works like this:

(1) Script (owned by you) attempts to access original directory (owned by you, presumably) -- ok.

(2) Script (owned by you, but running as Apache user) creates new subdirectory (set to be owned by user *running* the script, i.e. Apache user).

(3) Script (owned by you) attempts to access new subdirectory (owned by Apache user) -- denied.

So, yes, you can create a directory which it is then impossible to access -- this is an unfortunate side-effect of safe mode when PHP runs as an Apache module and hence as the Apache user.

This is why hosted services often use chrooted jails with PHP as a CGI -- the individual copies of PHP then run with the appropriate uids of the host usernames.

Cheers!

Mike

-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
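The three steps Mike lists, and the safe_mode_gid question from the Plesk message in the first thread, written as a small Python model. This is an added example, not code from the thread or from PHP itself: the paths, the customer UIDs and the GID numbers are assumptions, and only PHP's own checks are modelled, not the operating system's permission bits.

```python
import posixpath
from dataclasses import dataclass, field


class SafeModeDenied(Exception):
    pass


@dataclass(frozen=True)
class Owner:
    uid: int
    gid: int


@dataclass
class SafeModeModel:
    """Model of the PHP-level checks only; OS permissions are a separate layer."""
    process: Owner                    # identity the Apache/mod_php process runs as
    safe_mode_gid: bool = False       # relax the UID comparison to a GID comparison
    open_basedir: str = ""            # one directory; empty means unrestricted
    nodes: dict = field(default_factory=dict)   # path -> Owner of file or directory

    def check(self, script, path):
        path = posixpath.normpath(path)
        if self.open_basedir:
            base = posixpath.normpath(self.open_basedir)
            if path != base and not path.startswith(base + "/"):
                raise SafeModeDenied("open_basedir restriction in effect: " + path)
        # A path that does not exist yet is judged by its parent directory.
        target = path if path in self.nodes else posixpath.dirname(path)
        owner, script_owner = self.nodes[target], self.nodes[script]
        if owner.uid == script_owner.uid:
            return
        if self.safe_mode_gid and owner.gid == script_owner.gid:
            return
        raise SafeModeDenied(
            "SAFE MODE Restriction in effect. The script whose uid is %d is not "
            "allowed to access %s owned by uid %d"
            % (script_owner.uid, target, owner.uid))

    def mkdir(self, script, path):
        self.check(script, path)
        # Step (2): the new directory belongs to the process that ran the
        # script, not to the owner of the script file.
        self.nodes[posixpath.normpath(path)] = self.process

    def verdict(self, script, path):
        try:
            self.check(script, path)
            return "allowed"
        except SafeModeDenied as exc:
            return str(exc)


def mkdir_trap():
    """UIDs 3703 and 508 are from the warning quoted in the thread; GIDs are constructed."""
    user, apache = Owner(3703, 3703), Owner(508, 508)
    model = SafeModeModel(process=apache, nodes={
        "/www/login": user,
        "/www/login/filer.php": user,
    })
    script = "/www/login/filer.php"
    model.mkdir(script, "/www/login/something")                        # steps (1)-(2)
    owner = model.nodes["/www/login/something"]
    result = model.verdict(script, "/www/login/something/something2")  # step (3)
    return owner.uid, result


def shared_gid_question():
    """Two customers with different UIDs and one shared GID (all numbers constructed)."""
    psacln = 2524
    nodes = {
        "/vhosts/a/httpdocs": Owner(10001, psacln),
        "/vhosts/a/httpdocs/index.php": Owner(10001, psacln),
        "/vhosts/b/httpdocs": Owner(10002, psacln),
        "/vhosts/b/httpdocs/data.txt": Owner(10002, psacln),
    }
    script, other_file = "/vhosts/a/httpdocs/index.php", "/vhosts/b/httpdocs/data.txt"
    apache = Owner(48, 48)
    out = {}
    for name, gid_on, basedir in (("uid check", False, ""),
                                  ("safe_mode_gid", True, ""),
                                  ("safe_mode_gid + open_basedir", True, "/vhosts/a")):
        model = SafeModeModel(apache, gid_on, basedir, dict(nodes))
        out[name] = model.verdict(script, other_file)
    return out


if __name__ == "__main__":
    print(mkdir_trap())
    for setting, verdict in shared_gid_question().items():
        print("%-30s %s" % (setting, verdict))
```

With the GID comparison enabled and one GID shared by every customer, the safe-mode layer no longer separates customers in this model; open_basedir is the only PHP-level check still standing between them.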
Re: [PHP] SAFE MODE Restriction - mkdir()
SED wrote:
> It just seems not making sense. I have read the manual and it does not explain this specially.
>
> If the user owns this folder: www\myfolders
>
> And runs a PHP-script in safe mode that creates the folder www\myfolders\who.
>
> Who owns the who folder?

If the webserver is run under user nobody, then who folder is owned by user nobody. Only root can change owners so there's no way around it.

> I assume the owner. If so, why can't the PHP-script create another folder inside like www\myfolders\who\this like before?

Webserver running under user nobody reads in your script owned by you. PHP has safe mode on, so every time it creates a file or directory it checks if the owner of the parent directory is the same as the owner of the php script being executed. If it's not, it issues a SAFE MODE Restriction in effect error.

> If the user of the php process (UID) is the owner of the new folder, why can't it create a folder inside its own folder? Is it because it's triggered by a user different from the user of the PHP process?
RE: [PHP] SAFE MODE Restriction - mkdir()
This answer from Mike solved this (e.g. create a CGI process for this task):

[...]

> So, yes, you can create a directory which it is then impossible to access -- this is an unfortunate side-effect of safe mode when PHP runs as an Apache module and hence as the Apache user.
>
> This is why hosted services often use chrooted jails with PHP as a CGI -- the individual copies of PHP then run with the appropriate uids of the host usernames.

[...]

Regards,
Summi
Re: [PHP] SAFE MODE Restriction - mkdir()
SED wrote:
> Hi,
>
> I have a very weird situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir("something", 0777), it works great!
>
> However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following:
>
> Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287
>
> However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to create or upload files to this something directory, which PHP-uid itself created?

Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories.
RE: [PHP] SAFE MODE Restriction - mkdir()
Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it based on type of the function?

Regards,
Summi

-----Original Message-----
From: Marek Kilimajer [mailto:[EMAIL PROTECTED]
Sent: 25. nóvember 2004 00:05
To: SED
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] SAFE MODE Restriction - mkdir()

SED wrote:
> Hi,
>
> I have a very weird situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir("something", 0777), it works great!
>
> However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following:
>
> Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287
>
> However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to create or upload files to this something directory, which PHP-uid itself created?

Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories.
Re: [PHP] SAFE MODE Restriction - mkdir()
SED wrote:
> Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it based on type of the function?

Once again: the user of the php process is different from the owner of the php script. And this is what matters. The limitation is not at operating system level, but php willingly chooses not to let you create the subdirectory (because safe mode is on)

> Regards,
> Summi
>
> -----Original Message-----
> From: Marek Kilimajer [mailto:[EMAIL PROTECTED]
> Sent: 25. nóvember 2004 00:05
> To: SED
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] SAFE MODE Restriction - mkdir()
>
> SED wrote:
> > Hi,
> >
> > I have a very weird situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir("something", 0777), it works great!
> >
> > However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following:
> >
> > Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287
> >
> > However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to create or upload files to this something directory, which PHP-uid itself created?
>
> Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories.
RE: [PHP] SAFE MODE Restriction - mkdir()
It just seems not making sense. I have read the manual and it does not explain this specially.

If the user owns this folder: www\myfolders

And runs a PHP-script in safe mode that creates the folder www\myfolders\who.

Who owns the who folder?

I assume the owner. If so, why can't the PHP-script create another folder inside like www\myfolders\who\this like before?

If the user of the php process (UID) is the owner of the new folder, why can't it create a folder inside its own folder? Is it because it's triggered by a user different from the user of the PHP process?

Regards,
Summi

-----Original Message-----
From: Marek Kilimajer [mailto:[EMAIL PROTECTED]
Sent: 25. nóvember 2004 01:13
To: SED
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] SAFE MODE Restriction - mkdir()

SED wrote:
> Then, shouldn't the owner be able to handle the new directory? In my case, the owner creates the directory X but can't create a subdirectory inside the directory X! nor save a file into it! Can you explain that? Is the PHP not always running as the same user? Or is it based on type of the function?

Once again: the user of the php process is different from the owner of the php script. And this is what matters. The limitation is not at operating system level, but php willingly chooses not to let you create the subdirectory (because safe mode is on)

> Regards,
> Summi
>
> -----Original Message-----
> From: Marek Kilimajer [mailto:[EMAIL PROTECTED]
> Sent: 25. nóvember 2004 00:05
> To: SED
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] SAFE MODE Restriction - mkdir()
>
> SED wrote:
> > Hi,
> >
> > I have a very weird situation. The ISP is running in SAFE MODE. I use PHP to create a directory with mkdir("something", 0777), it works great!
> >
> > However, if I try to create a sub-directory (e.g. something2) in the something directory, I get the following:
> >
> > Warning: SAFE MODE Restriction in effect. The script whose uid is 3703 is not allowed to access something owned by uid 508 in /www/login/filer.php on line 287
> >
> > However, if I check the chmod of something directory it's 777. Why can't I use PHP-uid to create or upload files to this something directory, which PHP-uid itself created?
>
> Because SAFE MODE is on :-) It's all in the manual. something is created by the server process so it's also owned by server process. The script is owned by you and can access only directories and files owned by you. You can try to change the group (chgrp()) if safe_mode_gid is on, or use ftp functions to create the directories.
Re: [PHP] SAFE MODE Restriction - mkdir()
Hi sed,

Which version of PHP are you using? May not be just Safe Mode. Is the script working well before the safe mode is on?

yours,
Michael
RE: [PHP] SAFE MODE Restriction - mkdir()
The PHP Version is 4.2.3 on Apache/1.3.27. I'm not the admin on this server. However, I have done this often on other servers, both in safe mode and not, with good success. This is the first time I try this on this server.

The ISP-admin is also trying to solve this but with no luck at this time.

Regards,
Summi

-----Original Message-----
From: Michael Leung [mailto:[EMAIL PROTECTED]
Sent: 25. nóvember 2004 03:21
To: SED
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] SAFE MODE Restriction - mkdir()

Hi sed,

Which version of PHP are you using? May not be just Safe Mode. Is the script working well before the safe mode is on?

yours,
Michael
Re: [PHP] SAFE MODE Restriction - mkdir()
Hi,

I have faced the same problem after the upgrade of my server from php 4.2.2 to php 5.0.2. I tested mkdir() in both safe_mode on and off. I have posted this to php-bug.

yours,
Michael
Re: [PHP] Safe mode imagecreatefromjpeg
Paulo JF Silva wrote:
> Hi,
>
> I have PHP 4.3.5 and safe mode on. When I create a new image with imagecreatefromjpeg(), the image owner is 'httpd' and not my ftp user. [this is in a shared host]. I would like to know if there is any way to create the image with my user... I can workaround mkdir stuff with ftp access but I can't figure out a workaround this 'problem' caused by safe mode.

It's a little tricky. You need to catch imagecreatefromjpeg() output using output buffering, then open a temporary file, write the output there, rewind(), and ftp_fput(). Haven't tried it, but should work.
Re: [PHP] Safe mode imagecreatefromjpeg
* Thus wrote Paulo JF Silva:
> Hi,
>
> I have PHP 4.3.5 and safe mode on. When I create a new image with imagecreatefromjpeg(), the image owner is 'httpd' and not my ftp user. [this is in a shared host]. I would like to know if there is any way to create the image with my user... I can workaround mkdir stuff with ftp access but I can't figure out a workaround this 'problem' caused by safe mode.

You'll have to request to the hosting company to make it possible that your ftp user can have 'rwx' permissions to the files that the webserver creates. The security implications will have to be up to them.

Curt
--
The above comments may offend you. flame at will.
Re: [PHP] safe mode?
blackwater dev wrote:
> Hello all...
>
> I finally have an upload script partly working but am not running into this problem. I have this code which executes when the user visits the image upload page:
>
> <snip>
> if (!file_exists("../images/property_$id")) {
>     mkdir("../images/property_$id", 0700);
> }
> $upload_dir = "../images/property_$id";
> </snip>
>
> When the user executes the script, it returns and runs this code:
>
> <snip>
> if ($_FILES['file']['name'][$i]) {
>     $file_to_upload = $upload_dir."/".$_FILES['file']['name'][$i];
>     $thisName = $_FILES['file']['name'][$i];
>     move_uploaded_file($_FILES['file']['tmp_name'][$i], $file_to_upload);
> }
> </snip>
>
> And I get these errors:
>
> Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 1044 is not allowed to access /images/property_128873 owned by uid 1002 in /imageupload.inc.php on line 39
>
> then a bunch of other related errors.
>
> I have tried using 0777 also. How can I get around SAFE MODE as I can't easily change the ini file as it is on my host's server.
>
> Thanks!

Use ftp function to create the upload directory. Login as userid 1044, create the directory, change its permission, and you are done
Re: [PHP] safe mode?
so do this each time? I need a routine that will dynamically create a folder, then use that folder to upload images. This problem doesn't exist just on one directory but on all directories dynamically created.

Thanks!

On Wed, 29 Sep 2004 21:48:05 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> blackwater dev wrote:
> > Hello all...
> >
> > I finally have an upload script partly working but am not running into this problem. I have this code which executes when the user visits the image upload page:
> >
> > <snip>
> > if (!file_exists("../images/property_$id")) {
> >     mkdir("../images/property_$id", 0700);
> > }
> > $upload_dir = "../images/property_$id";
> > </snip>
> >
> > When the user executes the script, it returns and runs this code:
> >
> > <snip>
> > if ($_FILES['file']['name'][$i]) {
> >     $file_to_upload = $upload_dir."/".$_FILES['file']['name'][$i];
> >     $thisName = $_FILES['file']['name'][$i];
> >     move_uploaded_file($_FILES['file']['tmp_name'][$i], $file_to_upload);
> > }
> > </snip>
> >
> > And I get these errors:
> >
> > Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 1044 is not allowed to access /images/property_128873 owned by uid 1002 in /imageupload.inc.php on line 39
> >
> > then a bunch of other related errors.
> >
> > I have tried using 0777 also. How can I get around SAFE MODE as I can't easily change the ini file as it is on my host's server.
> >
> > Thanks!
>
> Use ftp function to create the upload directory. Login as userid 1044, create the directory, change its permission, and you are done
Re: [PHP] safe mode?
blackwater dev wrote:
> so do this each time? I need a routine that will dynamically create a folder, then use that folder to upload images. This problem doesn't exist just on one directory but on all directories dynamically created.

I mean PHP ftp functions. http://www.php.net/ftp

> Thanks!
>
> On Wed, 29 Sep 2004 21:48:05 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> > blackwater dev wrote:
> > > Hello all...
> > >
> > > I finally have an upload script partly working but am not running into this problem. I have this code which executes when the user visits the image upload page:
> > >
> > > <snip>
> > > if (!file_exists("../images/property_$id")) {
> > >     mkdir("../images/property_$id", 0700);
> > > }
> > > $upload_dir = "../images/property_$id";
> > > </snip>
> > >
> > > When the user executes the script, it returns and runs this code:
> > >
> > > <snip>
> > > if ($_FILES['file']['name'][$i]) {
> > >     $file_to_upload = $upload_dir."/".$_FILES['file']['name'][$i];
> > >     $thisName = $_FILES['file']['name'][$i];
> > >     move_uploaded_file($_FILES['file']['tmp_name'][$i], $file_to_upload);
> > > }
> > > </snip>
> > >
> > > And I get these errors:
> > >
> > > Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid is 1044 is not allowed to access /images/property_128873 owned by uid 1002 in /imageupload.inc.php on line 39
> > >
> > > then a bunch of other related errors.
> > >
> > > I have tried using 0777 also. How can I get around SAFE MODE as I can't easily change the ini file as it is on my host's server.
> > >
> > > Thanks!
> >
> > Use ftp function to create the upload directory. Login as userid 1044, create the directory, change its permission, and you are done
Re: [PHP] safe mode/open basedir not working ?
Ok. How about set the safe_mode_exec_dir to /dev/null then ?

On Wed, 30 Jun 2004 21:55:17 -0700, Justin Patrin [EMAIL PROTECTED] wrote:
> YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it.
>
> On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote:
> > Marek, Justin,
> >
> > am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to.
> >
> > On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> > > Justin Patrin wrote:
> > > > On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> > > > > robert mena wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I host a few virtual domains in apache 2 and use php.
> > > > > >
> > > > > > The virtual domain is something like
> > > > > >
> > > > > > <VirtualHost a.b.c.d:80>
> > > > > >     ServerAdmin [EMAIL PROTECTED]
> > > > > >     DocumentRoot /home/httpd/html/domain.com
> > > > > >     ServerName www.domain.com
> > > > > >     ErrorLog logs/domain.com-error_log
> > > > > >     CustomLog logs/domain.com-access_log combined
> > > > > >     ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
> > > > > >     <Directory /home/httpd/html/domain.com/>
> > > > > >         AllowOverride AuthConfig Limit
> > > > > >         php_admin_value doc_root /home/httpd/html/domain.com/
> > > > > >         php_admin_flag safe_mode on
> > > > > >         php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
> > > > > >     </Directory>
> > > > > > </VirtualHost>
> > > > > >
> > > > > > Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
> > > > > >
> > > > > > Shouldn't the settings above restrict such thing ?
> > > > >
> > > > > no, this setting affects only php, not programs executed from php
> > > >
> > > > If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir.
> > >
> > > Actually you have to if you want to use any of the exec functions:
>
> --
> paperCrane --Justin Patrin--
Re: [PHP] safe mode/open basedir not working ?
That *may* not work as it's a file, not a folder. You're welcome to try, though. :-)

On Fri, 2 Jul 2004 14:19:25 -0400, robert mena [EMAIL PROTECTED] wrote:
> Ok. How about set the safe_mode_exec_dir to /dev/null then ?
>
> On Wed, 30 Jun 2004 21:55:17 -0700, Justin Patrin [EMAIL PROTECTED] wrote:
> > YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it.
> >
> > On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote:
> > > Marek, Justin,
> > >
> > > am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to.
> > >
> > > On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> > > > Justin Patrin wrote:
> > > > > On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> > > > > > robert mena wrote:
> > > > > > > Hi,
> > > > > > >
> > > > > > > I host a few virtual domains in apache 2 and use php.
> > > > > > >
> > > > > > > The virtual domain is something like
> > > > > > >
> > > > > > > <VirtualHost a.b.c.d:80>
> > > > > > >     ServerAdmin [EMAIL PROTECTED]
> > > > > > >     DocumentRoot /home/httpd/html/domain.com
> > > > > > >     ServerName www.domain.com
> > > > > > >     ErrorLog logs/domain.com-error_log
> > > > > > >     CustomLog logs/domain.com-access_log combined
> > > > > > >     ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
> > > > > > >     <Directory /home/httpd/html/domain.com/>
> > > > > > >         AllowOverride AuthConfig Limit
> > > > > > >         php_admin_value doc_root /home/httpd/html/domain.com/
> > > > > > >         php_admin_flag safe_mode on
> > > > > > >         php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
> > > > > > >     </Directory>
> > > > > > > </VirtualHost>
> > > > > > >
> > > > > > > Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
> > > > > > >
> > > > > > > Shouldn't the settings above restrict such thing ?
> > > > > >
> > > > > > no, this setting affects only php, not programs executed from php
> > > > >
> > > > > If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir.
> > > >
> > > > Actually you have to if you want to use any of the exec functions:
> >
> > --
> > paperCrane --Justin Patrin--

--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--
Re: [PHP] safe mode/open basedir not working ?
Ok. It did not work. I had to create an empty dir.

Well, one problem. Since I have users with ftp access and they host php scripts that handle file uploads.

The files are created with apache.apache and are usually moved to the user's directory using move_uploaded_file. Since the owner/group of the script would be foo.ftponly this would fail due to uid differences.

How do I solve this ? Change the user's group from ftponly to apache and use the safe_mode_gid on ?

- rt

On Fri, 2 Jul 2004 11:28:39 -0700, Justin Patrin [EMAIL PROTECTED] wrote:
> That *may* not work as it's a file, not a folder. You're welcome to try, though. :-)
>
> On Fri, 2 Jul 2004 14:19:25 -0400, robert mena [EMAIL PROTECTED] wrote:
> > Ok. How about set the safe_mode_exec_dir to /dev/null then ?
Re: [PHP] safe mode/open basedir not working ?
robert mena wrote:
> Hi,
>
> I host a few virtual domains in apache 2 and use php.
>
> The virtual domain is something like
>
> <VirtualHost a.b.c.d:80>
>     ServerAdmin [EMAIL PROTECTED]
>     DocumentRoot /home/httpd/html/domain.com
>     ServerName www.domain.com
>     ErrorLog logs/domain.com-error_log
>     CustomLog logs/domain.com-access_log combined
>     ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
>     <Directory /home/httpd/html/domain.com/>
>         AllowOverride AuthConfig Limit
>         php_admin_value doc_root /home/httpd/html/domain.com/
>         php_admin_flag safe_mode on
>         php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
>     </Directory>
> </VirtualHost>
>
> Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
>
> Shouldn't the settings above restrict such thing ?

no, this setting affects only php, not programs executed from php
Re: [PHP] safe mode/open basedir not working ?
Marek,

but the program was executed using a system call from a php script.

- rt

On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> robert mena wrote:
> > Hi,
> >
> > I host a few virtual domains in apache 2 and use php.
> >
> > The virtual domain is something like
> >
> > <VirtualHost a.b.c.d:80>
> >     ServerAdmin [EMAIL PROTECTED]
> >     DocumentRoot /home/httpd/html/domain.com
> >     ServerName www.domain.com
> >     ErrorLog logs/domain.com-error_log
> >     CustomLog logs/domain.com-access_log combined
> >     ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
> >     <Directory /home/httpd/html/domain.com/>
> >         AllowOverride AuthConfig Limit
> >         php_admin_value doc_root /home/httpd/html/domain.com/
> >         php_admin_flag safe_mode on
> >         php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
> >     </Directory>
> > </VirtualHost>
> >
> > Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
> >
> > Shouldn't the settings above restrict such thing ?
>
> no, this setting affects only php, not programs executed from php
Re: [PHP] safe mode/open basedir not working ?
On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> robert mena wrote:
>> Hi, I host a few virtual domains in apache 2 and use php.
>>
>> The virtual domain is something like
>>
>> <VirtualHost a.b.c.d:80>
>> ServerAdmin [EMAIL PROTECTED]
>> DocumentRoot /home/httpd/html/domain.com
>> ServerName www.domain.com
>> ErrorLog logs/domain.com-error_log
>> CustomLog logs/domain.com-access_log combined
>> ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
>> <Directory /home/httpd/html/domain.com/>
>> AllowOverride AuthConfig Limit
>> php_admin_value doc_root /home/httpd/html/domain.com/
>> php_admin_flag safe_mode on
>> php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
>> </Directory>
>> </VirtualHost>
>>
>> Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
>>
>> Shouldn't the settings above restrict such thing ?
>
> no, this setting affects only php, not programs executed from php

If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. You can specify a directory with binaries the users can run. Anything outside of that PHP won't run. Just set it to a path with no binaries (and no write access from users) and they won't be able to run outside programs unless you let them.

You can also put some functions in disable_functions, such as system() and exec(), popen(), proc_open(), passthru(), and shell_exec(). Disabling shell_exec() also disables backticks (`) (I think).

--
paperCrane --Justin Patrin--
Re: [PHP] safe mode/open basedir not working ?
That's just what he said :p

Robert Mena wrote:
> Marek, but the program was executed using a system call from a php script.
>
> - rt
>
> On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
>> robert mena wrote:
>>> Hi, I host a few virtual domains in apache 2 and use php.
>>>
>>> The virtual domain is something like
>>>
>>> <VirtualHost a.b.c.d:80>
>>> ServerAdmin [EMAIL PROTECTED]
>>> DocumentRoot /home/httpd/html/domain.com
>>> ServerName www.domain.com
>>> ErrorLog logs/domain.com-error_log
>>> CustomLog logs/domain.com-access_log combined
>>> ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
>>> <Directory /home/httpd/html/domain.com/>
>>> AllowOverride AuthConfig Limit
>>> php_admin_value doc_root /home/httpd/html/domain.com/
>>> php_admin_flag safe_mode on
>>> php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
>>> </Directory>
>>> </VirtualHost>
>>>
>>> Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
>>>
>>> Shouldn't the settings above restrict such thing ?
>>
>> no, this setting affects only php, not programs executed from php
Re: [PHP] safe mode/open basedir not working ?
robert mena wrote:
> Marek, but the program was executed using a system call from a php script.
>
> - rt

And that's what I mean. Every fopen call (almost) in the php binary is wrapped around the safe mode checks. But once you leave the php binary, or even load a php module that does not use this wrapper, safe mode does not work anymore.

> On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
>> robert mena wrote:
>>> Hi, I host a few virtual domains in apache 2 and use php.
>>>
>>> The virtual domain is something like
>>>
>>> <VirtualHost a.b.c.d:80>
>>> ServerAdmin [EMAIL PROTECTED]
>>> DocumentRoot /home/httpd/html/domain.com
>>> ServerName www.domain.com
>>> ErrorLog logs/domain.com-error_log
>>> CustomLog logs/domain.com-access_log combined
>>> ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
>>> <Directory /home/httpd/html/domain.com/>
>>> AllowOverride AuthConfig Limit
>>> php_admin_value doc_root /home/httpd/html/domain.com/
>>> php_admin_flag safe_mode on
>>> php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
>>> </Directory>
>>> </VirtualHost>
>>>
>>> Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
>>>
>>> Shouldn't the settings above restrict such thing ?
>>
>> no, this setting affects only php, not programs executed from php
Re: [PHP] safe mode/open basedir not working ?
Justin Patrin wrote:
> On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
>> robert mena wrote:
>>> Hi, I host a few virtual domains in apache 2 and use php.
>>>
>>> The virtual domain is something like
>>>
>>> <VirtualHost a.b.c.d:80>
>>> ServerAdmin [EMAIL PROTECTED]
>>> DocumentRoot /home/httpd/html/domain.com
>>> ServerName www.domain.com
>>> ErrorLog logs/domain.com-error_log
>>> CustomLog logs/domain.com-access_log combined
>>> ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
>>> <Directory /home/httpd/html/domain.com/>
>>> AllowOverride AuthConfig Limit
>>> php_admin_value doc_root /home/httpd/html/domain.com/
>>> php_admin_flag safe_mode on
>>> php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
>>> </Directory>
>>> </VirtualHost>
>>>
>>> Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
>>>
>>> Shouldn't the settings above restrict such thing ?
>>
>> no, this setting affects only php, not programs executed from php
>
> If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir.

Actually you have to if you want to use any of the exec functions:
Re: [PHP] safe mode/open basedir not working ?
Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to.

On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
> Justin Patrin wrote:
>> On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
>>> robert mena wrote:
>>>> Hi, I host a few virtual domains in apache 2 and use php.
>>>>
>>>> The virtual domain is something like
>>>>
>>>> <VirtualHost a.b.c.d:80>
>>>> ServerAdmin [EMAIL PROTECTED]
>>>> DocumentRoot /home/httpd/html/domain.com
>>>> ServerName www.domain.com
>>>> ErrorLog logs/domain.com-error_log
>>>> CustomLog logs/domain.com-access_log combined
>>>> ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
>>>> <Directory /home/httpd/html/domain.com/>
>>>> AllowOverride AuthConfig Limit
>>>> php_admin_value doc_root /home/httpd/html/domain.com/
>>>> php_admin_flag safe_mode on
>>>> php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
>>>> </Directory>
>>>> </VirtualHost>
>>>>
>>>> Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
>>>>
>>>> Shouldn't the settings above restrict such thing ?
>>>
>>> no, this setting affects only php, not programs executed from php
>>
>> If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir.
>
> Actually you have to if you want to use any of the exec functions:
Re: [PHP] safe mode/open basedir not working ?
YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it.

On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote:
> Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to.
>
> On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
>> Justin Patrin wrote:
>>> On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote:
>>>> robert mena wrote:
>>>>> Hi, I host a few virtual domains in apache 2 and use php.
>>>>>
>>>>> The virtual domain is something like
>>>>>
>>>>> <VirtualHost a.b.c.d:80>
>>>>> ServerAdmin [EMAIL PROTECTED]
>>>>> DocumentRoot /home/httpd/html/domain.com
>>>>> ServerName www.domain.com
>>>>> ErrorLog logs/domain.com-error_log
>>>>> CustomLog logs/domain.com-access_log combined
>>>>> ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
>>>>> <Directory /home/httpd/html/domain.com/>
>>>>> AllowOverride AuthConfig Limit
>>>>> php_admin_value doc_root /home/httpd/html/domain.com/
>>>>> php_admin_flag safe_mode on
>>>>> php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
>>>>> </Directory>
>>>>> </VirtualHost>
>>>>>
>>>>> Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files.
>>>>>
>>>>> Shouldn't the settings above restrict such thing ?
>>>>
>>>> no, this setting affects only php, not programs executed from php
>>>
>>> If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir.
>>
>> Actually you have to if you want to use any of the exec functions:

--
paperCrane --Justin Patrin--
Re: [PHP] Safe mode effect
Ravi kumar wrote:
> HI,
> google.com found so many details about safe mode too much to understand. My hosting provider set php safe mode = enable . so I am unable to use so many scripts . can any one give good free image gallery software which will work under safe mode = enable . is it true that with apache 2.x version , we can get rid of php safe mode ?
>
> - thanks for your time

I don't know of any gallery that can run under safe mode (I did not look), but galleries that I made use ftp functions to upload the images under the same owner as the scripts. Then you can work with the images.
Re: [PHP] Safe Mode
>> Can safe mode be turned off in the .htaccess file?
>
> I don't know the gallery script but setting safe_mode_include_dir should help. Ask the admin to set it to your directory for your virtual host. Another option would be to use ftp functions to upload the images to your directory, but you would have to rewrite the script.

According to the safe-mode page http://us4.php.net/features.safe-mode in http.conf :

<Directory /docroot>
php_admin_value open_basedir /docroot
# In your case safe_mode_include_dir
</Directory>

Can php_admin_value be included in the *.php pages and/or .htaccess.

David
Re: [PHP] Safe Mode
On Monday 23 February 2004 00:55, [EMAIL PROTECTED] wrote:
>> Can safe mode be turned off in the .htaccess file?
>
> [snip]
>
> According to the safe-mode page http://us4.php.net/features.safe-mode in http.conf :
>
> <Directory /docroot>
> php_admin_value open_basedir /docroot
> # In your case safe_mode_include_dir
> </Directory>
>
> Can php_admin_value be included in the *.php pages and/or .htaccess.

manual ini_set()

--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general
--
/* What an artist dies with me! -- Nero */
Re: [PHP] Safe Mode
>> According to the safe-mode page http://us4.php.net/features.safe-mode in http.conf :
>>
>> <Directory /docroot>
>> php_admin_value open_basedir /docroot
>> # In your case safe_mode_include_dir
>> </Directory>
>>
>> Can php_admin_value be included in the *.php pages and/or .htaccess.
>
> manual ini_set()

It would seem from the ini_set() comments that the answer to both is yes:

- There is another possibility by changing PHP Settings! If your Webspace is able to handle .htaccess files, you're able to change PHP_INI Settings through this file! To disable register_globals you have to set: php_value register_globals 0 If you wanna set other settings, feel free, because there is no problem! These Settings are set before running the script, e.g. the results of register_globals, when setting a parameter in the URL like 'foo.php?foo=stuff', is not present, $foo is unset.

If it's not your server and therefore you want to hide the data in your session variables from other users, it's very useful to set the session.save_handler in your scripts to shared memory with: ini_set('session.save_handler','mm'). Remember: You have to set it in every script that uses the session variables BEFORE session_start() or php won't find them.

David
Re: [PHP] Safe Mode
On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote:
> Is it possible to set Apache in such a way that everything is run under safe-mode, except for a directory and everything underneath in a virtual domain?

Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf.

Good luck.

- Lucas
Re: [PHP] Safe Mode
Lucas Gonze wrote:
> On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote:
>> Is it possible to set Apache in such a way that everything is run under safe-mode, except for a directory and everything underneath in a virtual domain?
>
> Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf.
>
> Good luck.
>
> - Lucas

Can safe mode be turned off in the .htaccess file?
Re: [PHP] Safe Mode
On Saturday, Feb 21, 2004, at 20:17 America/New_York, [EMAIL PROTECTED] wrote:
> Lucas Gonze wrote:
>> On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote:
>>> Is it possible to set Apache in such a way that everything is run under safe-mode, except for a directory and everything underneath in a virtual domain?
>>
>> Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf.
>>
>> Good luck.
>>
>> - Lucas
>
> Can safe mode be turned off in the .htaccess file?

My guess is no. That is a decision which should belong to the server admin.
Re: [PHP] Safe Mode
Lucas Gonze wrote:
> On Saturday, Feb 21, 2004, at 20:17 America/New_York, [EMAIL PROTECTED] wrote:
>> Lucas Gonze wrote:
>>> On Saturday, Feb 21, 2004, at 09:18 America/New_York, [EMAIL PROTECTED] wrote:
>>>> Is it possible to set Apache in such a way that everything is run under safe-mode, except for a directory and everything underneath in a virtual domain?
>>>
>>> Very likely yes, if your admin permits it. The place to look for an answer is in documentation for httpd.conf.
>>>
>>> Good luck.
>>>
>>> - Lucas
>>
>> Can safe mode be turned off in the .htaccess file?
>
> My guess is no. That is a decision which should belong to the server admin.

Definitely no. It would not be safe mode if anyone can turn it off.

I don't know the gallery script but setting safe_mode_include_dir should help. Ask the admin to set it to your directory for your virtual host. Another option would be to use ftp functions to upload the images to your directory, but you would have to rewrite the script.
Re: [PHP] safe mode and mail
Hello,

This is a reply to an e-mail that you wrote on Fri, 20 Jun 2003 at 01:40, lines prefixed by '>' were originally written by you.

> Hi,
> safe mode on and mass mailing wished. I know that it's not possible to set the time limit, when safe mode is on. Sure mass mailing using mail function takes longer than default execution time of the script. My codes should be portable, that's why modification of php.ini is not an option. The users shouldn't be experienced and authorized to do this. In brief, I have to find a solution without a need to work in shell. So, due to my theoretical knowledge it seems to be a solution, to queue the mails to sendmail by using popen. Is it true? Or what could be your suggestion for this issue.
> Thanks in advance,
> Senih

You could only send a certain amount of e-mails on each execution and use a meta-refresh to continually call the script. I do this on one site and also display a progress bar that updates on each refresh which is a bit better for the end user rather than have them staring at nothing until eventually all the mails have sent.

All the best,
David.

--
phpmachine :: The quick and easy to use service providing you with professionally developed PHP scripts :: http://www.phpmachine.com/
Professional Web Development by David Nicholson http://www.djnicholson.com/
QuizSender.com - How well do your friends actually know you? http://www.quizsender.com/ (developed entirely in PHP)
RE: [PHP] SAFE MODE Restriction in effect
$dp = opendir( $currdir );

Basically it seems like I need to turn 'SAFE MODE' off but I don't really know what it is or how to turn it off. In fact I am not sure where the config file is on a *nix box or what is it called.

Ben

At 15:58 09/06/2003 +0200, winst0n wrote:
> what does the line 219 in misc.inc ?!

* Ben Edwards Tel +44 (0)1179 553 551 ICQ 42000477 *
* Webhosting for the masses http://serverone.co.uk *
* Critical Site Builder http://www.criticaldistribution.com *
* online collaborative web authoring content management system *
* Get alt news/views films online http://www.cultureshop.org *
* i-Contact Progressive Video http://www.videonetwork.org *
* Fun corporate graphics http://www.subvertise.org *
* Bristol Indymedia http://bristol.indymedia.org *
* Bristol's radical news http://www.bristle.org.uk *
RE: [PHP] SAFE MODE Restriction in effect
Changed it to dir but not made any difference. I have root access to the server so could change php.ini. However

; Safe Mode
;
safe_mode = Off

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off

So not quite sure why there is a problem

Ben

At 16:23 09/06/2003 +0200, winst0n wrote:
> Ok, I think the php command opendir is blocked for security reason. Try with this :
>
> $dp = dir($currdir );
>
> dir() and opendir() are the same for client. A lot of hostserver disable opendir(), I don't know why, but they do ;)
Re: [PHP] safe mode problem
I recommend you use ftp functions to upload the script to your site (from the generating file). If you only use normal filesystem function, the newly created file will get the owner of the http server.

gurvinder singh wrote:
> and how can i be root from a php script? i want chown from the script itself which created the page.
>
> -----Original Message-----
> From: Marek Kilimajer [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 03, 2003 12:39 PM
> To: Gurvinder Singh
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] safe mode problem
>
> what you did should work (you must be root to change owner). You can use -R switch to change owner recursively
>
> Gurvinder Singh wrote:
>> hi
>> i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error
>>
>> Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831
>>
>> Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesn't seem to work
>>
>> Thanks
>> Regards
>> Gurvinder
Re: [PHP] safe mode problem
what you did should work (you must be root to change owner). You can use -R switch to change owner recursively

Gurvinder Singh wrote:
> hi
> i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error
>
> Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831
>
> Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesn't seem to work
>
> Thanks
> Regards
> Gurvinder
Re: [PHP] safe mode problem
At 11:39 3-2-03, you wrote:
> what you did should work (you must be root to change owner). You can use -R switch to change owner recursively
>
> Gurvinder Singh wrote:
>> hi
>> i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error
>>
>> Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831
>>
>> Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesn't seem to work

I think you did it just the wrong way round, the way i read it the owner of the file you wanted to read already was 831, so try to chown it to 48. Safe mode writes files with chmod 750, so now effectively 0 for the php script that tries to reach it.

Instead of chowning, you can also chmod the file to read (file.php) to 777, if you do not mind the security too much, if possible take the file out of the www directory.

I have a big problem with safe mode now with a script that needs to create subdirectories itself, so with every new added course i would need to go and change the chmod by FTP.
RE: [PHP] safe mode problem
and how can i be root from a php script? i want chown from the script itself which created the page.

-----Original Message-----
From: Marek Kilimajer [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 03, 2003 12:39 PM
To: Gurvinder Singh
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] safe mode problem

what you did should work (you must be root to change owner). You can use -R switch to change owner recursively

Gurvinder Singh wrote:
> hi
> i create a php page dynamically in my php script. this page include one of my other php file. when i run the newly created script i get this error
>
> Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access file.php owned by uid 831
>
> Is there a way to handle this. i even tried chown to change the newly created file's owner to be 831 but it doesn't seem to work
>
> Thanks
> Regards
> Gurvinder
Re: [PHP] Safe mode? newbie alert!
Try the "mothership" again and type

php and "safe mode"

Click "Search". The first two results:

http://www.dynamic-webpages.de/php/features.safe-mode.php
http://info.ccone.at/INFO/PHP4/features.safe-mode.html

You can read only ONE so as not to get more confused... :)

- E

PS Of course, you can the info here as well: http://www.php.net/manual/en/features.safe-mode.php

> Hi Everyone,
> I have a small question and just need some general direction, tried the mothership(google) but got too many results and got more confused.
> What is safe mode?
> If you have any URL or file that can explain it kindly give it to me...
> cheers and thanks again,
> -Ryan.
[PHP] Edwin-Re: [PHP] Safe mode? newbie alert!
Hey,
Thanks for the reply, what you sent me I had already read on other sites... I just didn't understand them! I basically wanted a longer explanation.
Thanks anyway,
-Ryan.

----- Original Message -----
From: "@ Edwin" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, September 01, 2002 2:49 PM
Subject: Re: [PHP] Safe mode? newbie alert!

> Try the "mothership" again and type
>
> php and "safe mode"
>
> Click "Search". The first two results:
>
> http://www.dynamic-webpages.de/php/features.safe-mode.php
> http://info.ccone.at/INFO/PHP4/features.safe-mode.html
>
> You can read only ONE so as not to get more confused... :)
>
> - E
>
> PS Of course, you can the info here as well: http://www.php.net/manual/en/features.safe-mode.php
>
>> Hi Everyone,
>> I have a small question and just need some general direction, tried the mothership(google) but got too many results and got more confused.
>> What is safe mode?
>> If you have any URL or file that can explain it kindly give it to me...
>> cheers and thanks again,
>> -Ryan.
Re: [PHP] Safe mode
You need to use php_admin_flag for safe_mode. But I wouldn't expect any effect here since you defaulted it to On and in your httpd.conf you are turning it on... So what are you expecting to see different?

-Rasmus

On Fri, 26 Apr 2002, Ashley M. Kirchner wrote:
> On our server, PHP's compiled in Apache with --enable-safe-mode as well as the master php.ini file having safe_mode turned on. Does this override whatever's in an Apache configuration file? One of my vhosts has the following bit in it:
>
> <IfModule mod_php4.c>
> php_value include_path .:/usr/local/lib/php
> php_flag safe_mode On
> php_flag magic_quotes_gpc Off
> php_flag track_vars On
> php_flag track_errors On
> </IfModule>
>
> And the safe_mode entry doesn't seem to have any effect whatsoever.
>
> --
> W | I haven't lost my mind; it's backed up on tape somewhere.
> Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130
> IT Director / SysAdmin / WebSmith . 800.441.3873 x130
> Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
> http://www.pcraft.com . Boulder, CO 80303, U.S.A.
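An added example, not code from the list or from the PHP project: a small Python check for the two configuration points raised in this archive, safe_mode set through php_flag (Rasmus's reply above) and safe mode enabled without a safe_mode_exec_dir (the "safe mode/open basedir not working ?" thread). The two sample vhosts are reconstructed from the posts; the hardened variant, its /usr/local/php-safe-bin path and the function names are assumptions, and the directive classification follows the PHP manual for the safe-mode era releases.

```python
import re

# Settable only from php.ini or with php_admin_* in httpd.conf (PHP_INI_SYSTEM
# in the PHP manual for the releases that still had safe mode).
ADMIN_ONLY = {"safe_mode", "safe_mode_gid", "safe_mode_exec_dir",
              "safe_mode_include_dir", "open_basedir"}
# Documented as php.ini-only: setting it in httpd.conf has no effect.
PHP_INI_ONLY = {"disable_functions"}

DIRECTIVE = re.compile(
    r"^\s*(php_admin_flag|php_admin_value|php_flag|php_value)\s+(\S+)\s+(.+?)\s*$",
    re.IGNORECASE)


def effective_settings(conf_text):
    """Return (applied, findings) for the mod_php directives in conf_text.

    applied  -- {directive: value} for lines PHP will honour
    findings -- [(line_number, directive, reason)] for lines it will ignore
    Container context (<Directory>, <VirtualHost>) is not modelled.
    """
    applied, findings = {}, []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind, name, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
        if name in PHP_INI_ONLY:
            findings.append((lineno, name, "php.ini-only, ignored in Apache config"))
        elif name in ADMIN_ONLY and not kind.startswith("php_admin_"):
            findings.append((lineno, name, kind + " cannot set it, use php_admin_*"))
        else:
            applied[name] = value
    return applied, findings


def audit(conf_text):
    """List the problems a reviewer would raise for one vhost config."""
    applied, findings = effective_settings(conf_text)
    issues = ["line %d: %s: %s" % f for f in findings]
    # mod_php treats "On" (any case) or "1" as true for flag directives.
    if applied.get("safe_mode", "off").lower() not in ("on", "1"):
        issues.append("safe_mode is not switched on by this config; "
                      "the php.ini value applies")
    elif "safe_mode_exec_dir" not in applied:
        issues.append("safe_mode is on but safe_mode_exec_dir is not set here; "
                      "exec-family calls use the php.ini or build default")
    return issues


# Reconstructed from robert mena's post (angle brackets restored).
ROBERT_VHOST = """\
<VirtualHost a.b.c.d:80>
    DocumentRoot /home/httpd/html/domain.com
    ServerName www.domain.com
    <Directory /home/httpd/html/domain.com/>
        AllowOverride AuthConfig Limit
        php_admin_value doc_root /home/httpd/html/domain.com/
        php_admin_flag safe_mode on
        php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/
    </Directory>
</VirtualHost>
"""

# Reconstructed from Ashley M. Kirchner's post.
ASHLEY_VHOST = """\
<IfModule mod_php4.c>
    php_value include_path .:/usr/local/lib/php
    php_flag safe_mode On
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_flag track_errors On
</IfModule>
"""

# Constructed: robert's Directory block plus an exec dir, as Justin Patrin
# suggests. The path is hypothetical: root-owned, holding no binaries.
HARDENED_VHOST = ROBERT_VHOST.replace(
    "        php_admin_flag safe_mode on\n",
    "        php_admin_flag safe_mode on\n"
    "        php_admin_value safe_mode_exec_dir /usr/local/php-safe-bin\n")


if __name__ == "__main__":
    for label, conf in (("robert", ROBERT_VHOST), ("ashley", ASHLEY_VHOST),
                        ("hardened", HARDENED_VHOST)):
        print(label, audit(conf) or "no findings")
```

disable_functions never shows up as applied here on purpose: it belongs in php.ini, so a vhost that lists it gets a finding rather than protection.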
Re: [PHP] Safe mode
Rasmus Lerdorf wrote:
> You need to use php_admin_flag for safe_mode.

And I suppose this page has an error on it then: http://www.php.net/manual/en/configuration.php

Since it states php_flag, not php_admin_flag...

--
Example 3-2. Apache configuration example

<IfModule mod_php4.c>
php_value include_path .:/usr/local/lib/php
php_flag safe_mode on
</IfModule>
<IfModule mod_php3.c>
php3_include_path .:/usr/local/lib/php
php3_safe_mode on
</IfModule>
--

--
W | I haven't lost my mind; it's backed up on tape somewhere.
Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
http://www.pcraft.com . Boulder, CO 80303, U.S.A.
Re: [PHP] Safe mode
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Ashley M. Kirchner) wrote:
> Rasmus Lerdorf wrote:
>> You need to use php_admin_flag for safe_mode.
>
> And I suppose this page has an error on it then: http://www.php.net/manual/en/configuration.php
>
> Since it states php_flag, not php_admin_flag...

The beauty of the system is that when one spots such errors, one can immediately add a correction to the annotated docs. (Done.)

--
CC
Re: [PHP] Safe Mode
> On Tue, 9 Apr 2002, Richard Lynch wrote:
>> So, what's up with this:
>>
>> PHP /www/herolist.com/web/categories.html: 105 2 SAFE MODE Restriction in effect. The script whose uid is 1065 is not allowed to access /www/herolist.com/web/pictures/TERISBROTHER1thum.jpg owned by uid 1056
>>
>> Note that the UIDs are the *same*.
>
> Maybe I'm missing something here, but 1065 != 1056.
>
> miguel

Geez! I'm going bleary-eyed from looking at this.

SORRY!

Just ignore me.

--
Got Music? http://l-i-e.com/artists.htm
Re: [PHP] Safe Mode
On Tue, 9 Apr 2002, Richard Lynch wrote:
> So, what's up with this:
>
> PHP /www/herolist.com/web/categories.html: 105 2 SAFE MODE Restriction in effect. The script whose uid is 1065 is not allowed to access /www/herolist.com/web/pictures/TERISBROTHER1thum.jpg owned by uid 1056
>
> Note that the UIDs are the *same*.

Maybe I'm missing something here, but 1065 != 1056.

miguel
Re: [PHP] safe mode and file handling
The easiest way to make this work is to use open_basedir settings instead of safe_mode. Safe_mode is specifically created to prevent you from doing what you are trying to do.

-Rasmus

On Fri, 1 Mar 2002, Mika Lindqvist wrote:
> I and my www space provider have fought with a problem. All files/directories created by PHP are owned by nobody/nobody and we want them to be created by my own uid/guid. How this would be solved by least amount of modification in the scripts.
>
> The problem is in that safe mode requires that the script and the directory containing the file/directory to be accessed is owned by me and only me. If I tell PHP to create a directory test1 under my www root and then change to that directory and tell it to create another directory for example called test2, it fails because test1 is owned by nobody, not me.
Re: [PHP] safe mode and file handling
if you are on a unix system running with apache, you could modify the virtual host block and have apache run as your user name and then change the permissions of the docroot so you are the owner and group.

Jim Lucas
www.bend.com

----- Original Message -----
From: Mika Lindqvist [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 01, 2002 1:21 PM
Subject: [PHP] safe mode and file handling

> I and my www space provider have fought with a problem. All files/directories created by PHP are owned by nobody/nobody and we want them to be created by my own uid/guid. How this would be solved by least amount of modification in the scripts.
>
> The problem is in that safe mode requires that the script and the directory containing the file/directory to be accessed is owned by me and only me. If I tell PHP to create a directory test1 under my www root and then change to that directory and tell it to create another directory for example called test2, it fails because test1 is owned by nobody, not me.
Re: [PHP] Safe mode/restricted directory file system operations
On Thu, 2002-02-21 at 10:44, Dave wrote:
> Apache server with PHP module
> Apache user is nobody:nobody
> Virtual user is user1:user1
>
> [snip]
>
> Ideas or suggestions appreciated.
>
> Dave

Well, this isn't really a PHP issue, but what the hell. If you need to do filesystem stuff as a certain user, the Apache module just ain't gonna do it for you. It'll always run as the httpd user. So you could very carefully set up directory permissions so that httpd has access to do what it needs, or you could just compile the CGI version of PHP and use it for the pages which need to do these uid/gid-related operations. (If used with something like suExec you can get it to act as any user you want.)

The second option is probably the safest.

--
Torben Wilson [EMAIL PROTECTED]
http://www.thebuttlesschaps.com
http://www.hybrid17.com
http://www.inflatableeye.com
+1.604.709.0506
Re: [PHP] Safe mode and dir permissions
Hello,

You can't change permissions in safe_mode.

> and for every new person inserted the system creates a directory and will upload things

Maybe you give the new people something like an autonumbered userid. So you can create the dirs /userid0/, /userid1/ etc. already by hand.

----- Original Message -----
From: Rodrigo Peres [EMAIL PROTECTED]
To: PHP [EMAIL PROTECTED]
Sent: Friday, November 16, 2001 2:02 PM
Subject: [PHP] Safe mode and dir permissions

Hi List,

My ISP runs PHP in Safe Mode, and this is causing me a lot of trouble. In safe mode, how can I change the permission of a dir to 0777? My problem is that I've built a content management system, and for every new person inserted the system creates a directory and will upload things automatically to it, but I couldn't create it with 0777 permission, so I can't upload anything with PHP, and I have no way to change every single folder's permissions by hand.

Thanks

--
Rodrigo
Re: [PHP] Safe mode + /usr/share/php
A recent feature addition (4.0.7) is a safe_mode_include_dir php.ini directive where you can do exactly this.

-Rasmus

On Sun, 26 Aug 2001, Artyom Plouzhnikoff wrote:
> Is it possible to use safe mode yet allow all scripts to include any files from /usr/share/php? Normal users ain't gonna have *write* access to that directory, so it shouldn't be much of a security concern, I just don't know how to do this.
>
> I know that I can disable safe_mode and enable open_basedir, but that will create yet another security hole because normal users will be able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can make PHP load a custom glibc and thus gain root access to the box if I allow them to do that.
Re: [PHP] Safe mode upload
A while ago there was some discussion on irc #php; this use was proposed (by onki):

    $tmp_name = $HTTP_POST_FILES['userfile']['tmp_name'];
    move_uploaded_file($tmp_name, '/home/httpd/html/upload/example.zip');
    chmod('/home/httpd/html/upload/example.zip', 0644);

And it works. move_uploaded_file() is the key here. Haven't personally tried it like this as the safe mode server I have access to is 4.0.2 and move_uploaded_file is a 4.0.3 function.

http://www.php.net/manual/en/function.move-uploaded-file.php
http://www.php.net/manual/en/features.file-upload.php

Also, what you can do is get a script called chuid from here:

http://www.srparish.net/scripts/

It must be installed by sysadmin. Then, users do something like this:

    ... <input type=file name=file> ...
    passthru("chuid $file 1033");
    copy($file, "/path/to/uploads/$file_name");

Something like that. The above (1033) is the user's uid, which of course is different for everyone. If anyone has comments to add/change to this post, please do so.

Also upon review of the php4.0.5 CHANGELOG, note the following entry:

    Allow access to uploaded files in safe_mode. Beware that you can only read the file. If you copy it to new location the copy will not have the right UID and your script won't be able to access that copy. (Thies)

http://php.net/ChangeLog-4.php

Regards,
Philip

On Tue, 8 May 2001, php wrote:
> Hi everyone. I have trouble uploading files while in safe mode.
>
> Warning: SAFE MODE Restriction in effect. The script whose uid is 206 is not allowed to access /tmp/php6wtDUc owned by uid 0
>
> Can someone help me pass around this problem?
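The reply above singles out move_uploaded_file() as the call that matters. The handler below is an added example, not code from the thread, written for current PHP (`$_FILES`, `random_bytes()`); `store_upload()`, the extension allowlist and the size cap are assumptions, while the destination directory, the `userfile` field name and the 0644 mode come from the reply.

```php
<?php
// Added example (not from the thread): upload handling built around
// move_uploaded_file(), the call the reply identifies as the key.

const UPLOAD_DIR  = '/home/httpd/html/upload';   // path taken from the reply
const ALLOWED_EXT = ['zip'];                     // assumption: only archives accepted
const MAX_BYTES   = 5 * 1024 * 1024;             // assumption: 5 MiB cap

function store_upload(array $file, string $destDir = UPLOAD_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . ($file['error'] ?? 'none'));
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('upload too large');
    }
    // The client-supplied name is used for its extension only, never as a path.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('extension not allowed');
    }
    // Server-generated name: no traversal, no overwrite of an existing file.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    // move_uploaded_file() refuses any source that did not arrive through
    // an HTTP POST upload in this request.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('not an uploaded file or destination not writable');
    }
    chmod($dest, 0644);   // same mode as in the reply: owner rw, others read-only
    return $dest;
}

if (isset($_FILES['userfile'])) {
    try {
        echo 'stored as ', basename(store_upload($_FILES['userfile'])), "\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```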
RE: [PHP] Safe mode?
I think the second line is right, but I suggest adding a space before and after the equal sign. If it is not working, maybe something else is causing the problem.

    safe_mode = off

----- Original Message -----
From: Leon Mergen [mailto:[EMAIL PROTECTED]]
Sent: 03 March, 2001 4:36 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Safe mode?

How can I turn off safe_mode using php.ini with php4.0.3pl1? None of these work:

    safe_mode="off"
    safe_mode=off
    safe_mode="0"
    safe_mode=0
    safe_mode="Off"
    safe_mode=Off

Anyone has an idea?

Leon Mergen [EMAIL PROTECTED]
President of Technical Operations
BlazeBox, Inc.
ICQ: 55677353