php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #18407 Request of new configuration directive for safe_mode
Submitted: 2002-07-18 05:54 UTC Modified: 2012-09-22 09:21 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: msteinacher at websource dot ch Assigned: nikic (profile)
Status: Wont fix Package: *General Issues
PHP Version: 4.2.1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2002-07-18 05:54 UTC] msteinacher at websource dot ch 
I suggest to add a new configuration directive for safe mode to solve the common problem, that a user can't change uploaded files because they have the UID of the user owning the webserver process and not the UID of the user owning the script.
I know that I could turn safe_mode off and use only open_basedir instead. Another 'solution' sould be to use safe_mode_gid and put the webserver-user in the same group as the script-owners. But I don't want to do this.
Thus my suggestion to add a new directive that could for example be called 'safe_mode_allow_proc_uid'. If this is set to TRUE then PHP should allow the access to files which are owned by the user that owns the script (as it does now) _OR_ files which are owned by the user that owns the webserver process.

In other words: Try to implement the patch at http://www.zend.com/lists/php-dev/200201/msg01149.html with the option to enable or disable it.


Thanks for listening.
Marco

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-09-22 09:18 UTC] nikic@php.net 
Closing this as safe mode is no longer supported as of PHP 5.4
 [2012-09-22 09:18 UTC] nikic@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: nikic
 [2012-09-22 09:21 UTC] nikic@php.net
-Status: Closed +Status: Wont fix
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 12:01:29 2024 UTC