Re: [PHP] safe mode bug ?
Robert Hensel <email@example.com> writes:
> I understand that there are a lot of solutions to make PHP more safe. And
> of course,I don't see safe_mode as _the_ solution. But I definetly consider
> it to be a good extra protection, just like basedir restrictions, and the
> problem I described seems simply like a bug in safe_mode.
True. I forgot about using it a long time ago.. safe_mode is not a bad
idea, but the way it's implemented really IS.. :(
> Franz Georg KĂśhler wrote:
>>it is widely known that safe_mode is not really safe.
>>You might want to restrict access with open_basedir .
I think open_basedir is far better and safer that the whole safe_mode
>>The most secure solution is still to install php's cgi executable in an
I agree with this, but its not applicable on boxes with heavy load.. CGI
cannot meet the speed of php apache module.. Maybe with FastCGI, but I
haven't tried yet..
= michal panoch - linux admin
= gpg fp: 816b be10 99cf 159b 8e1a 4648 ad7a 9df2 de4e c6f4