Member
Hi friends,
I have done the study of PHP programming language to a better extent. I am using an older version of PHP, and I want to know about the safe-mode. I came to know that it is used for solving the security issue. But I don't know much about it, so thought that posting here would help me.!! Please explain me about the Safe Mode in PHP? Hope that you guys would reply me soon.!!
Member
The "Safe Mode" is the way PHP security: a solution to the problem of sharing of PHP on a server. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server. But the alternatives at the web server and OS levels are not realistic. Many stakeholders, including ISP's, use safe mode. You should know that the "Safe Mode" is deprecated since PHP 5.3.0 and was removed in PHP 6.0.0. suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
Signatures reduce available bandwidth
Member
The following are the configuration directives with an explanation :
- safe_mode boolean - Whether to enable the security mode for PHP. If PHP is compiled with - enable-safe-mode, the default is On, Off otherwise.
- safe_mode_gid boolean - By default, Safe Mode does a UID compare check when opening a file. If you want to relax a bit this level of security, you can perform a comparison group, then turn on safe_mode_gid. If this directive is FALSE (the default) is a comparison of the UID, and if it is TRUE is a comparison of the GID.
- safe_mode_include_dir string - Audits based on the UID or GID are ignored when the included files are placed in the folder specified by this directive and its subfolders. Cases may also be in the include_path or it must include the full path.
- safe_mode_exec_dir string - If PHP is used in safe mode, functions like system () and all those that run in command line will refuse to run programs that are not in this folder. You must use / as directory separator in all environments, including Windows.
I do to dead flowers what people at morgues do to dead people. Suck all the moisture out, dip them in plastic, paint them up pretty and put them in a nice frame.
Member
I am providing you with the more configuration directives that are used in safe mode :
- safe_mode_allowed_env_vars string - Setting certain environment variables is a potential security hole. This directive contains a list of names of environment variables separated by commas, or prefixes. In Safe Mode, the user may only alter environment variables whose names begin with the prefixes supplied here. By default, users can modify the environment variables that begin with PHP_. If this directive is empty, PHP will let the user modify ANY environment variable.
- safe_mode_protected_env_vars string - This directive contains a list of environment variables that the programmer can not modify it using the function putenv (). These variables will be protected even if safe_mode_allowed_env_vars permits their amendment.
Member
When Safe Mode is enabled, PHP checks whether the owner of the current script is the same as the owner of files or folders that will be handled by this script. For example, in the following situation :
- -rw-rw-r-- 1 rasmus rasmus 33 Oct 7 22:20 script.php
- -rw-r--r-- 1 root root 1116 Dec 26 19:01 /etc/passwd
Running script.php :
results in this error when safe mode is enabled :PHP Code:<?php
readfile('/etc/passwd');
?>
Code:Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
Member
The following is the list of a non-exhaustive list of functions disabled by Safe Mode :
- dbmopen () - Check the file / folder that you use has the same UID as the script that is being executed.
- Ifx_ * - sql_safe_mode restrictions, (! = Safe Mode)
- putenv () - Follows the safe_mode_protected_env_vars and safe_mode_allowed_env_vars.
- exec () - You can run programs that are on file safe_mode_exec_dir. For practical reasons, it is not possible to use wildcards like in the path of this file.
- system () - You can run programs that are on file safe_mode_exec_dir.
- apache_request_headers () - In safe mode, headers beginning with 'authorization' (case sensitive) will not be returned.
Posting Permissions
Reply With Quote
Bookmarks