php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #18407 Request of new configuration directive for safe_mode
Submitted: 2002-07-18 05:54 UTC Modified: 2012-09-22 09:21 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: msteinacher at websource dot ch Assigned: nikic (profile)
Status: Wont fix Package: *General Issues
PHP Version: 4.2.1 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: msteinacher at websource dot ch
New email:
PHP Version: OS:

 

 [2002-07-18 05:54 UTC] msteinacher at websource dot ch 
I suggest to add a new configuration directive for safe mode to solve the common problem, that a user can't change uploaded files because they have the UID of the user owning the webserver process and not the UID of the user owning the script.
I know that I could turn safe_mode off and use only open_basedir instead. Another 'solution' sould be to use safe_mode_gid and put the webserver-user in the same group as the script-owners. But I don't want to do this.
Thus my suggestion to add a new directive that could for example be called 'safe_mode_allow_proc_uid'. If this is set to TRUE then PHP should allow the access to files which are owned by the user that owns the script (as it does now) _OR_ files which are owned by the user that owns the webserver process.

In other words: Try to implement the patch at http://www.zend.com/lists/php-dev/200201/msg01149.html with the option to enable or disable it.


Thanks for listening.
Marco

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-09-22 09:18 UTC] nikic@php.net 
Closing this as safe mode is no longer supported as of PHP 5.4
 [2012-09-22 09:18 UTC] nikic@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: nikic
 [2012-09-22 09:21 UTC] nikic@php.net
-Status: Closed +Status: Wont fix
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 01:01:30 2024 UTC