Re: [PHP] safe mode bug ?

To: debian-isp@lists.debian.org
Subject: Re: [PHP] safe mode bug ?
From: Michal Panoch <michal@panoch.net>
Date: Mon, 07 Jun 2004 12:24:31 +0200
Message-id: <[🔎] 85u0xnaco0.fsf@elbissop.office.globe.cz>
In-reply-to: <[🔎] 40C31E36.80500@hensel.nl> (Robert Hensel's message of "Sun, 06 Jun 2004 15:37:58 +0200")
References: <[🔎] 40C30FBD.4030300@hensel.nl> <[🔎] 20040606124723.GA17902@bofh.hanau.net> <[🔎] 40C31E36.80500@hensel.nl>

Robert Hensel <robert@hensel.nl> writes:

> Hi,
>
> I understand that there are a lot of solutions to make PHP more safe. And
> of course,I don't see safe_mode as _the_ solution. But I definetly consider
> it to be a good extra protection, just like basedir restrictions, and the
> problem I described seems simply like a bug in safe_mode.

True. I forgot about using it a long time ago.. safe_mode is not a bad
idea, but the way it's implemented really IS.. :(

> Franz Georg KĂśhler wrote:
>
>>Hello,
>>
>>
>>it is widely known that safe_mode is not really safe.
>>
>>You might want to restrict access with open_basedir .

I think open_basedir is far better and safer that the whole safe_mode
thing.. 

>>The most secure solution is still to install php's cgi executable in an
>>suexec environment.

I agree with this, but its not applicable on boxes with heavy load.. CGI
cannot meet the speed of php apache module.. Maybe with FastCGI, but I
haven't tried yet..

--
regards,

= michal panoch - linux admin
= michal@panoch.net
= gpg fp: 816b be10 99cf 159b 8e1a  4648 ad7a 9df2 de4e c6f4

Reply to:

References:
- [PHP] safe mode bug ?
  - From: Robert Hensel <robert@hensel.nl>
- Re: [PHP] safe mode bug ?
  - From: Franz Georg Köhler <lists@openunix.de>
- Re: [PHP] safe mode bug ?
  - From: Robert Hensel <robert@hensel.nl>

Prev by Date: SEARCH attack
Next by Date: Re: SEARCH attack
Previous by thread: Re: [PHP] safe mode bug ?
Next by thread: SEARCH attack
Index(es):
- Date
- Thread