On Sun, 2002-05-12 at 23:38, Ilia A. wrote: > > Really, what is that line? > > sleep(10000000); > > If you insist on being creative you can use file locking or sockets to get the > process in to un-interuptible sleep. > > > I would take a bet that it probably has > > nothing to do with safe mode, and would work regardless of it being in > > the language.. > > I am not saying this particular problem is due to safe_mode, which only > "theoreticaly" prevents people from viewing/modifying files they do not own. > I say theoretically because in reality a bugs in safe_mode can be used to > bypass this limitation or simply write code in another programming language > to do it. However, "safe mode" implies safety, which in reality it DOES NOT > offer, of course if the defenition of the word "safe" has changed, please let > me know.
Ok now you are changing your argument. If you say it is inappropriately named, I will agree. However, the functionality of extra uid checks is a good measure The thing we have to hope for is that the admin is smart enough to realize their is no such thing as perfect security > > I will also take bet that there is another security > > measure in php that can be used against it. > > > > Don't bet on it, you'll loose. disable_functions = sleep > > > > > The argument you make to remove safe mode because it is not perfect is > > > > unfounded. By the same argument you could say we shouldn't use locks on > > > > our doors, because hey "they can be picked". > > > > > > Safe mode is not only imperfect it does not even work properly. In the > > > last day and a half I've showed 5 bugs that allow it be bypassed, simply > > > take a look at the latest safe_mode bugs. > > > > Five, I only saw one. Regardless they can and should be fixed. > > Check again: > > Bug report #17168-69 > Bug report #17155-57 All of those regarding safe mode are fixed now. > > > > > > Some of those were fixed other were not as > > > yet. To continue with your lock analogy, you do not protect your house > > > with a broken lock, because beyond cosmetic value it does absolutely > > > nothing. > > > > If the lock is broken, you fix it, you don't get rid of the lock > > altogether > > If you've fixed the same lock a dosen times and it still breaks it is probably > smarter to get rid off it and get a new one. > > Ilia It depends on why the lock is broken, you have been suggesting this whole time that safe mode is a DESIGN flaw. However, your reasoning is only BUILD flaws. I have yet to hear a single reason as to why the concept of extra uid, checks of files is a bad thing. The fact of the matter, is that it is YOU who is ultimately responsible for your systems security. When you allow thousands of users to share the same system, and all execute arbitrary code on that system, there is always the possibility of problems. You can not rely on PHP itself solving all of your webhosting systems security problems. By the same argument that you make to get rid of safe mode, we could tell you to not use a shared environment, and use dedicated servers. There are problems here and you can be a bit more constructive, and send patches, offer new security techniques, report bugs. Exaggerating and cursing safe mode does nothing but waste time. -Jason -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
