Cannot reproduce. Please provide an account on this machine.

Unfortunately, this machine is on a private network.

It'a a solaris 10 update 3 with apache 2.0.58 included in 
solaris. PHP is 5.2.1 compiled with:

CFLAGS='-I/usr/sfw/src/mysql/include' \
CC='cc' \
'./configure' \
'--with-apxs2=/usr/apache2/bin/apxs' \
'--with-mysql=/usr/sfw' \
'--enable-dbase' \
'--with-ldap' \
'--enable-ftp' \
'--with-bzip2' \
'--with-openssl=/usr/sfw' \
'--with-jepg' \
'--with-png' \
'--with-zlib' \
'--with-imap' \
'--enable-fastcgi' \
'--enable-mbstring' \
'--with-config-file-path=/etc/apache2' \
'--without-iconv' \
'--with-gettext' \
'--enable-magic-quotes' \
'--enable-safe-mode' \
'--prefix=/usr' \
'--exec-prefix=/usr' \
'--sysconfdir=/etc' \
'--localstatedir=/var' \

I'm using Sun Studio 11 but same result with GCC. I don't 
know if the problem is on x86 too, I have only solaris with 
sparc.

NB: bug 12683 suggests a problem with mod_perl but no 
mod_perl here.

Then we will have to wait for someone with Solaris 10 to reproduce and fix it.

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Same problem with the snapshot. But it seems that the problem is the 
apache provided by SUN because if I compile apache from the source, 
safe_mode is OK.

What's the difference between Sun Apache and the one compiled from sources?

For the difference, I don't know... I have this:

[root@Romulus ~]# /usr/apache2/bin/httpd -V
Server version: Apache/2.0.58
Server built:   Sep  5 2006 07:46:49
Server's Module Magic Number: 20020903:12
Server loaded:  APR 0.9.12, APR-UTIL 0.9.12
Compiled using: APR 0.9.12, APR-UTIL 0.9.12
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FCNTL_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/apache2"
 -D SUEXEC_BIN="/usr/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

And the same for Sun apache, please.

This is the httpd -V from apache provided by SUN.

Well, then provide the one from the self-compiled apache.

The self-compiled apache:

[root@Romulus bin]# ./httpd -V
Server version: Apache/2.0.59
Server built:   Feb 22 2007 00:29:21
Server's Module Magic Number: 20020903:12
Server loaded:  APR 0.9.12, APR-UTIL 0.9.12
Compiled using: APR 0.9.12, APR-UTIL 0.9.12
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FCNTL_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/apache2"
 -D SUEXEC_BIN="/usr/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="/var/logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

Two different apaches in one server root?
How did you manage to do that?

The 2 versions are not working at the same time.

Sure, but they can't be in the same directory in the same time.

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

I can confirm a very similar bug on Solaris 10 SPARC Update 3 with the latest php5.2-200707231430 snapshot.

Here is the testing script /tmp/test.php:

<?php
echo "safe = " . (ini_get('safe_mode') ? "On" : "Off") . "\n";
echo "uid = " . getmyuid() . "\n";
echo "gid = " . getmygid() . "\n";
echo file_get_contents('/etc/passwd');
?>

I have performed these commands in PHP source directory (as root):

cd /tmp/php5.2-200707231430
./configure --disable-all --disable-cgi --enable-safe-mode
make

I login with a user account (uid:gid 2010:605) 
cd /tmp/php5.2-200707231430/sapi/cli
./php test.php

The output is the following:

safe = On
uid = 0
gid = 1004
 ........ and then the contents of the '/etc/passwd' file.

Actually it does not matter which user is executing this script. It always returns uid:gid as 0:1004 (even for a root user). It also does not matter whether 'Safe Mode' is On or Off.  This makes 'Safe Mode' practically useless on the machine, as all the scripts run with root's uid.

At first I thought that the gid 1004 is coming out of the blue, because I do not have any groups with such id. Then I saw that the files in PHP source tarball as well as the compiled binary in 'sapi/cli' directory have uig:gid 1004:1004. So it would be logical to assume that all of that is somehow related. I tried to change the uid:gid of the compiled binary but it did not change the behaviour. I guess something goes wrong during the compilation phase.

I cannot provide access to this machine at the moment, but I could arrange it if really was required. Otherwise I am happy to do any other additional testing that could be useful.

There is no reaction for a week now... As I am not the original submitter of the bug I cannot change its status to 'Open'.
Is anybody following this up or should I open a new bug for this issue?

Since there was no feedback here I was about to open a new bug for this issue. I decided to test again with the latest php5.2-200708011630 snapshot and now it seems to work fine!

Well sort of... The CLI script I use for testing above takes the UID and GID of the script file and not of the user who launches the script.

Has this bug been really addressed?
Is this the intended "correct" behaviour?
Could anybody please officially comment on this?