Yep, completely right. We came to the conclusion a long time ago that
safe_mode isn't safe, and keeping it around is just going to continue
giving people a false sense of security (and PHP a bad name).
Andi

At 02:12 PM 11/24/2005, Rasmus Lerdorf wrote:
> Peter Brodersen wrote:
>> Well, safe_mode could prevent someone from doing a
>> shell_exec("cat /home/otheruser/web/config.php");
>> open_basedir can't do the same thing.
>
> We were in a continual losing race against that sort of thing
> though. In pretty much every single release there have been ways to
> do this that got around safe-mode.
>
>> - open_basedir restriction plus disable
>>   exec+passthru+proc_open+shell_exec+system+popen+pcntl_exec(+dl)?
>> - jail users into hell?
>> - or something third?
>
> I have always maintained that shared hosts should be running
> per-security context Apache instances as different users. That's
> the only way to truly keep things secure. If you have everyone
> executing things as the same user id you will never truly separate
> the security contexts. Failing that, shared hosts should be looking
> at per-user fastcgi.
>
> -Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
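
A small check for the first option in Peter's list (open_basedir plus a disable_functions list), as an added example that is not part of the original thread. The function names and the sample php.ini are constructed, and the parser assumes Unix-style ':'-separated paths with no ';' inside values.

```python
# Functions named in the thread as candidates for disable_functions.
EXEC_FUNCS = ["exec", "passthru", "proc_open", "shell_exec",
              "system", "popen", "pcntl_exec", "dl"]

# Constructed sample php.ini, not taken from the thread.
SAMPLE_INI = """\
[PHP]
; only part of the list is disabled here
open_basedir = /home/user1/web:/tmp
disable_functions = exec, passthru, shell_exec, system
;disable_functions = exec,passthru,proc_open,shell_exec,system,popen,pcntl_exec,dl
"""


def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings


def audit(text):
    """Report whether open_basedir is set and which listed functions remain callable."""
    settings = parse_ini(text)
    disabled = {
        name.strip().lower()
        for name in settings.get("disable_functions", "").split(",")
        if name.strip()
    }
    return {
        "open_basedir_set": bool(settings.get("open_basedir")),
        "still_callable": [f for f in EXEC_FUNCS if f not in disabled],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```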