Re: [PHP] safe mode bug ?

To: debian-isp@lists.debian.org
Subject: Re: [PHP] safe mode bug ?
From: Robert Hensel <robert@hensel.nl>
Date: Sun, 06 Jun 2004 15:37:58 +0200
Message-id: <[🔎] 40C31E36.80500@hensel.nl>
In-reply-to: <[🔎] 20040606124723.GA17902@bofh.hanau.net>
References: <[🔎] 40C30FBD.4030300@hensel.nl> <[🔎] 20040606124723.GA17902@bofh.hanau.net>

Hi,

I understand that there are a lot of solutions to make PHP more safe.And of course,I don't see safe_mode as _the_ solution. But I definetlyconsider it to be a good extra protection, just like basedirrestrictions, and the problem I described seems simply like a bug insafe_mode.



Franz Georg Köhler wrote:

Hello,


it is widely known that safe_mode is not really safe.

You might want to restrict access with open_basedir .


The most secure solution is still to install php's cgi executable in an
suexec environment.

--
Robert Hensel

E: robert@hensel.nl

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This email and any attachment is intended for the
addressee only. If you are not the addressee, you
are notified that no part of the email or any
attachment may be disclosed, copied or distributed,
and that any other action related to this email or
attachment is strictly prohibited, and may be unlawful.

If you are not the addressee, please notify the sender
immediately by return email, and delete this message.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Reply to:

Follow-Ups:
- Re: [PHP] safe mode bug ?
  - From: Michal Panoch <michal@panoch.net>

References:
- [PHP] safe mode bug ?
  - From: Robert Hensel <robert@hensel.nl>
- Re: [PHP] safe mode bug ?
  - From: Franz Georg Köhler <lists@openunix.de>

Prev by Date: Re: [PHP] safe mode bug ?
Next by Date: Re: [PHP] safe mode bug ?
Previous by thread: Re: [PHP] safe mode bug ?
Next by thread: Re: [PHP] safe mode bug ?
Index(es):
- Date
- Thread