subject:"\[PHP\-DEV\] chroot\(\)\: _not

[PHP-DEV] chroot(): _not_ safe-mode restricted?

2001-08-19 Thread jeroen


As I read it in CVS,  chroot() will work even in safe-mode. Isn't this a bad
idea(tm), or am I wrong?
If users can chroot in safe-mode, Apache won't serve any more pages after
all children have been chrooted to an empty dir?

--jeroen



-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

2001-08-19 Thread teo


Hi jeroen!
On Mon, 20 Aug 2001, [EMAIL PROTECTED] wrote:

> As I read it in CVS,  chroot() will work even in safe-mode. Isn't this a bad
> idea(tm), or am I wrong?
> If users can chroot in safe-mode, Apache won't serve any more pages after
> all children have been chrooted to an empty dir?

uhm, where have you read that? [ curious ]
nope, cause it will run as apache user, and you have to be root to chroot().

-- teodor

-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

2001-08-19 Thread Derick Rethans


On Mon, 20 Aug 2001 [EMAIL PROTECTED] wrote:

> Hi jeroen!
> On Mon, 20 Aug 2001, [EMAIL PROTECTED] wrote:
>
> > As I read it in CVS,  chroot() will work even in safe-mode. Isn't this a bad
> > idea(tm), or am I wrong?
> > If users can chroot in safe-mode, Apache won't serve any more pages after
> > all children have been chrooted to an empty dir?
>
> uhm, where have you read that? [ curious ]
> nope, cause it will run as apache user, and you have to be root to chroot().

Indeed, chroot() doesn't make sense at all if it's used in a webserver
module. It's onyl useful when PHP runs as commandline tool, as root.
That's why I added the function.

Derick

>
> -- teodor
>
>


-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

2001-08-20 Thread Jeroen van Wolffelaar


> > As I read it in CVS,  chroot() will work even in safe-mode. Isn't this a
bad
> > idea(tm), or am I wrong?
> > If users can chroot in safe-mode, Apache won't serve any more pages
after
> > all children have been chrooted to an empty dir?
>
> uhm, where have you read that? [ curious ]


I just reasoned what could happen. if you chroot a child, I couldn't see a
reason why it'd get respawned (since it doesn't die), but it will become a
useless child, I guessed.

> nope, cause it will run as apache user, and you have to be root to
chroot().

I believe there are webservers which are run as root, or not? If that is the
case, chroot should be disabled in safe-mode IMHO, or better, disabled in
webserver envirment.

Currently the docs say that it is not *wise* to use it in webserver-env, not
that is impossible. That's why I questioned safe-mode restrictions here.

> -- teodor
Jeroen


-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

2001-08-20 Thread Derick Rethans


On Mon, 20 Aug 2001, Jeroen van Wolffelaar wrote:

> > > As I read it in CVS,  chroot() will work even in safe-mode. Isn't this a
> > > bad idea(tm), or am I wrong?
> > > If users can chroot in safe-mode, Apache won't serve any more pages
> > > after all children have been chrooted to an empty dir?
> >
> > uhm, where have you read that? [ curious ]
>
>
> I just reasoned what could happen. if you chroot a child, I couldn't see a
> reason why it'd get respawned (since it doesn't die), but it will become a
> useless child, I guessed.

It will be useless indeed, as the filesystem root of it has been changed
then.

>
> > nope, cause it will run as apache user, and you have to be root to
> > chroot().
>
> I believe there are webservers which are run as root, or not? If that is the
> case, chroot should be disabled in safe-mode IMHO, or better, disabled in
> webserver envirment.

If your sysadm runs a webserver as root, you should fire him IMO.

>
> Currently the docs say that it is not *wise* to use it in webserver-env, not
> that is impossible. That's why I questioned safe-mode restrictions here.

yeah, right... I think it should only work in plain CGI mode, with no CGI
things in it (force-cgi-redirect) or other stuff. It simply has no use in
this cases...

Derick


-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

2001-08-20 Thread Jason Greene


IMHO There is no reason to use chroot in safe_mode, and it should be disabled.
As far as webservers running as root, potentially any webserver could, though you 
are probably right that some do by default. 

Think of the potential hazard of a multi-threaded
webserver

This is another dangerous system call for the web environment, and really should be 
disabled if SAPI!=cgi

-Jason


- Original Message - 
From: "Jeroen van Wolffelaar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: "PHP Developers Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, August 20, 2001 2:01 PM
Subject: Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?


> > > As I read it in CVS,  chroot() will work even in safe-mode. Isn't this a
> bad
> > > idea(tm), or am I wrong?
> > > If users can chroot in safe-mode, Apache won't serve any more pages
> after
> > > all children have been chrooted to an empty dir?
> >
> > uhm, where have you read that? [ curious ]
> 
> 
> I just reasoned what could happen. if you chroot a child, I couldn't see a
> reason why it'd get respawned (since it doesn't die), but it will become a
> useless child, I guessed.
> 
> > nope, cause it will run as apache user, and you have to be root to
> chroot().
> 
> I believe there are webservers which are run as root, or not? If that is the
> case, chroot should be disabled in safe-mode IMHO, or better, disabled in
> webserver envirment.
> 
> Currently the docs say that it is not *wise* to use it in webserver-env, not
> that is impossible. That's why I questioned safe-mode restrictions here.
> 
> > -- teodor
> Jeroen
> 
> 
> -- 
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] chroot(): _not_ safe-mode restricted?

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

Re: [PHP-DEV] chroot(): _not_ safe-mode restricted?

6 matches

Site Navigation

Mail list logo

Footer information