PHP6 will not include Safe Mode
- Thread starter nobaloney
- Start date
ClayRabbit
Verified User
It's seems they going to make mod_php totally unusable for shared web-hosting, just like mod_perl...
PHP's safe-mode will indeed be removed. While some people might think otherwise; it's not actually doing what is says it does: making the webserver safe. It simply limits PHP's behaviour in relation to files and program execution. Trying to stop applications to access files they are not supposed to access is more of a operating system task either way.
Alternatives are certainly available; with a strong open_basedir implementation and a well-overthought set of disabled_functions you can achieve pretty much the same. In webserver environments there is no need for functions as exec and passthru; why rely on safe_mode if you can totally disable these functions? Having a security solution that works in 90% of the cases is no better than not having any at all.
That, combined with upcoming features as taints makes me believe there will not be any problem at all. It just requires a slightly different configuration.
Alternatives are certainly available; with a strong open_basedir implementation and a well-overthought set of disabled_functions you can achieve pretty much the same. In webserver environments there is no need for functions as exec and passthru; why rely on safe_mode if you can totally disable these functions? Having a security solution that works in 90% of the cases is no better than not having any at all.
That, combined with upcoming features as taints makes me believe there will not be any problem at all. It just requires a slightly different configuration.
In PHP 5.3 every user can change open_basedir. Some time ago I asked question http://directadmin.com/forum/showpost.php?p=160175&postcount=10 but no one answered.
circlesquare
Verified User
- Joined
- May 24, 2007
- Messages
- 22
I don't think they ever had the buck - safe_mode was just a temporary solution to the problem of shared servers.
Personally, i think using suPHP is the most secure option at the moment and means you don't have to be as restrictive with the disabled_functions.
As mainly a developer myself, I welcome the change as it means that the easy option of web hosts just turning on safe_mode to fix security issues has now gone, and along with it a very restrictive environment which inhibits some more complex coding.
I hate safe_mode.
I dont like safe mode either and do not even use it.
But if I understand the docs correctly they are also removing open_basedir which is just plain silly.
PHP has a history of not implementing security features and is the reason why patches such as suhosin exist.
They also have a history of breaking backwards compatability which is why they have such a big problem of moving their userbase of older versions of php.
But if I understand the docs correctly they are also removing open_basedir which is just plain silly.
PHP has a history of not implementing security features and is the reason why patches such as suhosin exist.
They also have a history of breaking backwards compatability which is why they have such a big problem of moving their userbase of older versions of php.
nobaloney
NoBaloney Internet Svcs - In Memoriam †
I start this post by admitting I'm not a PHP guy.
But I may be missing something in your last post, Chrysalis:
Why would you need open_basedir if you're running php as CGI?
And isn't running php as CGI considered the most secure way to go?
It appears to me they're attempting to move the userbase off of mod_php, which to me appears to be the real security hole. Am I missing something else?
Jeff
But I may be missing something in your last post, Chrysalis:
Why would you need open_basedir if you're running php as CGI?
And isn't running php as CGI considered the most secure way to go?
It appears to me they're attempting to move the userbase off of mod_php, which to me appears to be the real security hole. Am I missing something else?
Jeff