
Re: [PHP] safe mode bug ?

Robert Hensel <robert@hensel.nl> writes:

> Hi,
> I understand that there are a lot of solutions to make PHP more safe. And
> of course, I don't see safe_mode as _the_ solution. But I definitely consider
> it to be a good extra protection, just like basedir restrictions, and the
> problem I described seems simply like a bug in safe_mode.

True. I forgot about using it a long time ago.. safe_mode is not a bad
idea, but the way it's implemented really IS.. :(

> Franz Georg Köhler wrote:
>>it is widely known that safe_mode is not really safe.
>>You might want to restrict access with open_basedir .

I think open_basedir is far better and safer than the whole safe_mode

>>The most secure solution is still to install php's cgi executable in an
>>suexec environment.

I agree with this, but it's not applicable on boxes with heavy load.. CGI
cannot meet the speed of php apache module.. Maybe with FastCGI, but I
haven't tried yet..


= michal panoch - linux admin
= michal@panoch.net
= gpg fp: 816b be10 99cf 159b 8e1a  4648 ad7a 9df2 de4e c6f4
