safe mode

Posted: Mon Mar 30, 2009 5:32 pm
by oboedrew
I am trying to better understand php's safe mode. I've found a number of articles online discussing this or that aspect of it, but none giving a coherent summary of what it is, what it does (or is meant to do), pros and cons, etc. Even the php manual seems uncertain. Its page on safe mode begins: "This is a still probably incomplete and possibly incorrect listing of the functions limited by safe mode." So, does anyone really know what safe mode does? Can someone point me toward a good article on the topic? I know it has been eliminated in php 6, but so long as I'm working with php 5 I'd like to try and understand what security issues it attempts to solve.

Thanks,
Drew

Re: safe mode

Posted: Tue Mar 31, 2009 2:02 am
by jaoudestudios
Yes, thankfully it is being dropped in php6 :)

The only times I have come across PHP safe mode is when uploading files. PHP safe mode checks that the script and file are owned by the same user; otherwise it does not proceed. In terms of an upload, the file uploaded is owned by apache and the PHP script is usually owned by the ftp user - this is where safe mode would go... ERROR.
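
The owner comparison described in the post above, as an added illustration that is not part of the original thread and is not PHP's own code. It only emulates the rule on current PHP, where safe mode no longer exists; the function names and sample UID/GID values are made up, and `safe_mode_gid` is the ini setting that relaxes the check to a group match.

```php
<?php
// Added illustration, not PHP's internal code. All function names are hypothetical.

// The owner rule: UIDs must match; safe_mode_gid relaxes this to a GID match.
function owner_rule_allows(array $script, array $target, bool $gidMode = false): bool
{
    return $script['uid'] === $target['uid']
        || ($gidMode && $script['gid'] === $target['gid']);
}

// Owner of the path, or of its parent directory when the path does not exist
// yet (the case for a file or directory the script is about to create).
function target_owner(string $path): ?array
{
    $subject = file_exists($path) ? $path : dirname($path);
    $uid = @fileowner($subject);
    $gid = @filegroup($subject);
    if ($uid === false || $gid === false) {
        return null; // nothing to stat
    }
    return ['path' => $subject, 'uid' => $uid, 'gid' => $gid];
}

function diagnose(string $path, bool $gidMode = false): string
{
    // getmyuid()/getmygid() report the owner of the script file, not the process user.
    $script = ['uid' => getmyuid(), 'gid' => getmygid()];
    $target = target_owner($path);
    if ($target === null) {
        return "$path: cannot stat path or parent directory";
    }
    $verdict = owner_rule_allows($script, $target, $gidMode) ? 'allowed' : 'refused';
    return sprintf('%s: script uid=%d gid=%d, checked %s uid=%d gid=%d -> %s',
        $path, $script['uid'], $script['gid'],
        $target['path'], $target['uid'], $target['gid'], $verdict);
}

// Constructed IDs for the upload case: script owned by the FTP user (1001),
// uploaded file written by the web server user (33), shared group 2000.
$script = ['uid' => 1001, 'gid' => 2000];
$upload = ['uid' => 33, 'gid' => 2000];
var_dump(owner_rule_allows($script, $upload));       // UID comparison only
var_dump(owner_rule_allows($script, $upload, true)); // with the GID relaxation

// Real files: this script itself, and a file the PHP process has just created.
echo diagnose(__FILE__), PHP_EOL;
$tmp = tempnam(sys_get_temp_dir(), 'sm_');
echo diagnose($tmp), PHP_EOL;
unlink($tmp);
```

Under a web server whose user differs from the script's owner, the freshly created temp file is reported as refused, which is the upload failure described above.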

Re: safe mode

Posted: Wed Apr 01, 2009 11:19 am
by oboedrew
Doesn't safe mode also prevent writing to files and creating directories in some cases? Surely there's an article somewhere that explains in detail what safe mode is and isn't... right?

Thanks,
Drew

Re: safe mode

Posted: Wed Apr 01, 2009 6:58 pm
by Chris Corbyn
Functions restricted/disabled by safe mode:

http://au2.php.net/manual/en/features.s ... ctions.php

Possible options, and what they do:

http://au2.php.net/manual/en/ini.sect.safe-mode.php

Re: safe mode

Posted: Wed Apr 01, 2009 9:41 pm
by oboedrew
Thanks, but I read through those pages already. The first page begins: "This is a still probably incomplete and possibly incorrect listing of the functions limited by safe mode." I had a good chuckle over that line. That's the official php documentation, right? How is it that the people who made safe mode aren't sure what it does? It seems risky to use a source that is prefaced by the admission that it is "probably incomplete and possibly incorrect." Is there a more authoritative article out there?

Thanks,
Drew