I am trying to better understand php's safe mode. I've found a number of articles online discussing this or that aspect of it, but none giving a coherent summary of what it is, what it does (or is meant to do), pros and cons, etc. Even the php manual seems uncertain. Its page on safe mode begins: "This is a still probably incomplete and possibly incorrect listing of the functions limited by safe mode." So, does anyone really know what safe mode does? Can someone point me toward a good article on the topic? I know it has been eliminated in php 6, but so long as I'm working with php 5 I'd like to try and understand what security issues it attempts to solve.
Thanks,
Drew
safe mode
Moderator: General Moderators
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: safe mode
Yes, thankfully it is being dropped in php6 
The only times I have come across php safemode is when uploading files. Php safemode checks that the script and file are owned by the same user, otherwise it does not proceed. In the terms of an upload, the file uploaded is owned by apache and the php script is usually owned by the ftp user - this is where safemode would go...ERROR.
The only times I have come across php safemode is when uploading files. Php safemode checks that the script and file are owned by the same user, otherwise it does not proceed. In the terms of an upload, the file uploaded is owned by apache and the php script is usually owned by the ftp user - this is where safemode would go...ERROR.
Re: safe mode
Doesn't safe mode also prevent writing to files and creating directories in some cases? Surely there's an article somewhere that explains in detail what safe mode is and isn't... right?
Thanks,
Drew
Thanks,
Drew
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Re: safe mode
Functions restrictred/disabled by safe mode:
http://au2.php.net/manual/en/features.s ... ctions.php
Possible options, and what they do:
http://au2.php.net/manual/en/ini.sect.safe-mode.php
http://au2.php.net/manual/en/features.s ... ctions.php
Possible options, and what they do:
http://au2.php.net/manual/en/ini.sect.safe-mode.php
Re: safe mode
Thanks, but I read through those pages already. The first page begins: "This is a still probably incomplete and possibly incorrect listing of the functions limited by safe mode." I had a good chuckle over that line. That's the official php documentation, right? How is it that the people who made safe mode aren't sure what it does? It seems risky to use a source that is prefaced by the admission that it is "probably incomplete and possibly incorrect." Is there a more authoritative article out there?
Thanks,
Drew
Thanks,
Drew