PHP :: Bug #23277 :: Apache safe_mode and open

Bug #23277

Apache safe_mode and open_basedir not enough

Submitted:

2003-04-18 23:24 UTC

Modified:

2005-01-31 23:25 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

flatface at flatface dot net

Assigned:

Status:

Not a bug

Package:

Safe Mode/open_basedir

PHP Version:

4.3.0

OS:

*nix

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	flatface at flatface dot net
New email:
PHP Version:		OS:

New Comment:

[2003-04-18 23:24 UTC] flatface at flatface dot net

I'm sorry for addressing it here, but I can't find anywhere else to put it. I sysadmin a system with 1200 users, and I can't seem to find the appropriate security to apply with php. suexec is fine with this shared resoruce server, but with open_basedir, the most I can do is disallow viewing of files below the script's location. With safe_mode on, it goes overboard and disables a LOT of important functions that people use (e.g. shell_exec), and even when people create files, it's still chowned by apache and not the user. If mod_php could act a bit more like suexec and run as the user in mod_php.

This is on php 4.3.0 on Gentoo Linux.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-04-21 09:58 UTC] sniper@php.net

Not PHP problem.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 11:01:30 2024 UTC