|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #8963 using shared PHP libraries in safe_mode
Submitted: 2001-01-28 05:36 UTC Modified: 2006-10-27 00:49 UTC
From: js at lsc dot hu Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.0.4pl1 OS: Linux Red Hat 7.0 / i386
Private report: No CVE-ID: None
 [2001-01-28 05:36 UTC] js at lsc dot hu
When I set

include_path = ".:/usr/share/php"

to access shared libraries and

safe_mode = On

is set, users cannot use files in /usr/share/php, just because there're userid check in main/fopen_wrappers.c. It means in safe mode you can include files with the same owner userid only, as the controlling file (eg. which contains that include or require).

My opinion: checks, mandatory blockings and security enhancements should be distinguished via a new entry in php.ini.

Excerpt of my previous mail:

Check/block summary

env.var block:
  - AUTHORIZATION (only in apache SAPI)
function block:
  - dl
  - set_time_limit
function restrictions:
  - safe_mode_allowed_env_vars
  - safe_mode_protected_env_vars
  - sanity checks
    mkdir, rmdir, rename, unlink, copy, chkgrp, chown, chmod, touch,
    symlink, link, mkfifo, pg_loimport, filepro, filepro_rowcount,
    filepro_retrieve, dbase_open, dbase_create, dbmopen
  - special access permissions block
  - userid checks


Some things are must-have in safe_mode, but I would put an own flag for each type (well, the privilege sanity checks don't do any bad, so this type doesn't need another flag).


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-28 18:07 UTC]
safe_mode has to be rewritten anyway..reclassified as feature/change request.

 [2006-10-27 00:49 UTC]
Safe mode is gone now, so this doesn't apply anymore.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Jun 14 00:01:33 2024 UTC