Once again the old problem comes up of a client asking for safe mode to be disabled because a script they downloaded won't work otherwise.

I certainly won't be disabling it but I was wondering what you guys tend to tell clients when you say no?

I would just tell them that the script they downloaded was not programmed very well. I believe that php programmers should always test their scripts on safemode php to ensure maximum compatibility.
Also I'd explain to them the huge security risks involved with disabling safemode. Tell them that any other client could look through their mysql database, hack their forum et cetera.

I did exactly that (even the bad programming bit) but they still aren't happy.... simply because their previous host turned safe mode off for them.

Originally posted by Rich2k
I did exactly that (even the bad programming bit) but they still aren't happy.... simply because their previous host turned safe mode off for them.
Lose the client. It's not worth it, IMO.

I agree with Aussie Bob. Tell them that you are not willing to put the security of your machines on the line for only one script.

If you "need" the client and the script's not too complicated you might be able to solve the problem and please the client after all, but don't put too much time in it.

Oh yes, I was certainly never going to disable safe mode for a client's site

I was just wondering what you tell clients. I told them pretty much what you said originally anyway. I don't think I've ever written a PHP script that required safe mode to be disabled (then again I've never tried to access the shell from php either!)

We have gotten this a few times lately and we just tell them that they can choose a different script that will work in Safemode. If they are not happy we explain they have two more choices. Let us put them on a dedicated server where they can do what they want or we can send their money back. :)

We will not take a chance on this at all.

My 1.786645 cents (taxes)

Robert

By 'solve the problem' I didn't mean "turn safe mode off" but that you might be able to change the script to run with safemode enabled :)

First of all i'm host some site, then lot of very usufull script whont work whit safe mode on...

Then lot of time for myself building a site if i need a safe mode off i'd expect my hosting provider will do it else i will go elsewhere !

There noting here about what you CALL bad programming...

If you have a good customer then he ask to turn safemode off for a script that need i think its important to help it,
not telling it blablabla....

My opignion..

Then most of you dont even know whats safemode do if its off ?

Anyone can even tell a problem you can have whit safe mode off ?
Then btw you can disable safemode only one domain at a time as i know..

Even whit cgi you can have security problem,
then do you disable cgi for that ??

With safe mode on you can't use scripts that write files to the server.

There are actually quite a few functions that are disabled as well.

Anyone have any useful workarounds to the PHP safe mode issue?

Telling a customer that you won't turn off safe mode does not help the customer in any way.

Originally posted by Hey It's Me
With safe mode on you can't use scripts that write files to the server.

There are actually quite a few functions that are disabled as well.

Anyone have any useful workarounds to the PHP safe mode issue?

Telling a customer that you won't turn off safe mode does not help the customer in any way.


PHP.net is your friend... :D

I'd never open up a server for a single user...

Originally posted by tech
...
Then lot of time for myself building a site if i need a safe mode off i'd expect my hosting provider will do it else i will go elsewhere !

If my hosting provider would turn safe_mode off I would go elsewhere :P

There noting here about what you CALL bad programming...

You're right, BUT any script should be tested with safe_mode on to see if it's "compatible". If it's not it should be modified until it is before it's released.

If you have a good customer then he ask to turn safemode off for a script that need i think its important to help it,
not telling it blablabla....

Of course, provided that you have the time and knowledge to fix the script to work with safe_mode on.

Then most of you dont even know whats safemode do if its off ?

Well, I know that I do. And I guess most other people in here know as well :)

Anyone can even tell a problem you can have whit safe mode off ?
Then btw you can disable safemode only one domain at a time as i know..

Well, it would be the same as a 'chmod -R o+r /usr/local/www' and using blank mysql passwords :)
Personally I'd call that a problem :)

Even whit cgi you can have security problem,
then do you disable cgi for that ??

No, there's a solution called 'suexec' ;)

safe_mode creates more problems than adds security.
open_basedir should be enough. If someone is good enough to go around open_basedir, he would be able to go around safe_mode as well.

Originally posted by Hey It's Me
With safe mode on you can't use scripts that write files to the server.


Oh yes you can!

I've happily written and created files with safe mode enabled. The following code would work happily with safe mode enabled


$fp = fopen ("/location/to/file.txt", "w");
fputs ($fp, $filecontent, strlen($filecontent));
fclose ($fp);



Anyone can even tell a problem you can have whit safe mode off ?
Then btw you can disable safemode only one domain at a time as i know..

Yes I know but then you give that domain access to your entire filesystem... lovely.

Originally posted by Rich2k


Oh yes you can!

I've happily written and created files with safe mode enabled. The following code would work happily with safe mode enabled


$fp = fopen ("/location/to/file.txt", "w");
fputs ($fp, $filecontent, strlen($filecontent));
fclose ($fp);


Yes I know but then you give that domain access to your entire filesystem... lovely.




safe_mode doesn't prevent scripts from writing files, neither it restricts access to the file system.
It doesn't allow script to work with files owned by other uid/guid (which is more than annoying) and prohibit running system commands (which is really good).
There is open_basedir directive to restrict access to file system.
And, I believe, anyone who can do harm by running system commands from PHP, can do harm by using other possibilities in spite of safe_mode.

One of the good things safe mode prevents is running shell commands by disabling commands such as shell_exec()

I always thought that most hosts (like practically all of them) always have php safe-mode turned OFF...not on?


Isn`t it better to have it off...or do i have it backwards?

I have a dedicated server and will soon be running a company but I need safe mode to be off...

would this be ok? since it's not going to be used for web hosting?

Btw, can someone direct me to instructions on how to turn safe mode on/off?

Thanks

Originally posted by dragonhawk
Btw, can someone direct me to instructions on how to turn safe mode on/off?

http://www.php.net/manual/en/configuration.php
Will this one do?

Thanks

Originally posted by dragonhawk
I have a dedicated server and will soon be running a company but I need safe mode to be off...

would this be ok? since it's not going to be used for web hosting?

....

If you are the only one using the server there is no reason to keep safe_mode on. The main goal of safe_mode is to prevent user X from reading the files of user Y and vice versa. But if there's no user Y there's no reason to turn it on :)

(okay, okay.. except if you want to develop scripts and want them to be 'compatible' with safe_mode)

I'll be interesting to find out what webhosts do... on or off.

Personally, I find this ridiculous. Most of you offer SSH or Telnet access but will not turn safe_mode off? safe_mode is only a security risk if you do not have your servers decently secure. Permissions are still active with safe_mode enabled...and anything executed through php runs with the httpd user. I use the same policy with turning safe_mode off as I do with granting SSH access. My setup allows me to turn safe_mode off on a per-site basis, however. Unless someone is stupid enough to chmod everything 777, there is no problem with enabling safe_mode, its like giving a pencil to a prisoner. A pencil in anyone else's hands would be harmless, but with determination, anything can become a weapon.

Justin, I totally disagree with you :D

With safe_mode off you still have the standard unix permissions system, but the problem is that a php script has the same permissions as apache.
Now apache is, of course, allowed to read php scripts and the mysql passwords included in those scripts.
If safe_mode is off, anyones script can access everyone elses php scripts and mysql passwords.

Enabling ssh access does not allow user A to access user B's files (provided the permissions are set correctly), but disabling safe_mode does.

Originally posted by T_E_O

Enabling ssh access does not allow user A to access user B's files (provided the permissions are set correctly), but disabling safe_mode does.

You are correct about how if a file has permissions so that apache can read it, so can a php script, however, you are mistaken about A not being able to access B's files. For a file to be executed by php, it has to have world read permissions, thus giving absolutely every user on the server the ability to gain this user's mysql password. The only way to prevent this would be to chown it to the apache user, which would then allow anyone to read/edit/delete it via a php script. The solution here is the open_basedir restriction, which would restrict a user from being able to do anything with files outside his directory. The SSH problem would still be there, however, which is why you must use caution with SSH.

Originally posted by jw
...
For a file to be executed by php, it has to have world read permissions, thus giving absolutely every user on the server the ability to gain this user's mysql password. The only way to prevent this would be to chown it to the apache user, which would then allow anyone to read/edit/delete it via a php script.
...

You are correct about most things, however, you are mistaken about the world-readable-requirement.
You can create a group for every site and make apache and the webmaster members of it. If you give group read permissions to the files, apache will be able to read them, but other users won't.

Originally posted by T_E_O

If safe_mode is off, anyones script can access everyone elses php scripts and mysql passwords.


Teo,
Using safe_mode for that is the same as using a gun as a door bell.
There is open_basedir restriction specially designed to limit php scripts access to a certain directory. And it doesn't screw up half of the scripts as safe_mode does.
Personally I would never host a site on a host with safe_mode on if I had a choice. Building and maintaining applications for safe_mode is like driving a car in handcuffs. Possible but unpleasant.
And, as far as I remember, the biggest security hole in PHP so far existed in some PHP versions only in safe_mode.

How can I turn open_basedir on for an individual vhost instead of the whole server?

Originally posted by barleduc
How can I turn open_basedir on for an individual vhost instead of the whole server?

You may wish to try this:
<VirtualHost 111.11.11.11>
...
...
...
php_admin_value open_basedir /path/to/vhosts/domain.com/docs/
</VirtualHost>

You can also set open_basedir for a directory:
<Directory /path/to/vhosts/domain.com/docs>
php_admin_value open_basedir .
</Directory>

Originally posted by Rich2k
I did exactly that (even the bad programming bit) but they still aren't happy.... simply because their previous host turned safe mode off for them. Lead them off to their previous host. If their previous host is so much better, why are they hosting with you?

Because they went over bandwidth and we offered them a good deal... so it's financial for them really

The old host was running a really old version of apache as well.

Safe mode is a feature that should have been solved by the Linux distro, since those guys making distros like RedHat are not doing anything but bundling, the poor guys at php (or ZEND) had to come up with a sollution, It solves the problem for the newbie, but the pro has the option of chroot jailing users to make sure they stay away from whatever they are not supposed to play with and give them safe mode off in return, either way, safe mode is a nice invention that can be enabled/disabled for websites separately (virtualhosts) Master Value should always have safe mode off (in my opinion) and local value switched ON

all this talk about safe mode ----- does anyone have a simple email php form script that WILL work with SAFE MODE ON??????


I'm having this problem and i have a nice simple script that will no longer work cause they migrated me to a server with safe mode on...

How the heck can I get this to work - or does anyone have another simple one?????

Please help...

<?php


$find = $_REQUEST['find'] ;
$type = $_REQUEST['type'] ;
$name = $_REQUEST['name'] ;
$dayphone = $_REQUEST['dayphone'] ;
$eveningphone = $_REQUEST['eveningphone'] ;
$street = $_REQUEST['street'] ;
$city = $_REQUEST['city'] ;
$state = $_REQUEST['state'] ;
$zipcode = $_REQUEST['zipcode'] ;
$budget = $_REQUEST['budget'] ;

mail( "clasione@optonline.net", "Advertising Request LIE",
$find."\n\n".$type."\n\n".$name."\n\n".$dayphone."\n\n".$eveningphone."\n\n".$street."\n\n".$city."\n\n".$state."\n\n".$zipcode."\n\n".$budget, "From: $email" );
header( "Location: http://www.website.com" );

?>

disable safe_mode on the folder where the script is ;)

Originally posted by aolex
disable safe_mode on the folder where the script is ;)

Is there anyway to do this without phpsuexec?

This thread scares me.. it really really does..

Let me outline a few things about the false sense of security you're all getting here.

How many of you offer Perl? Its much more dangerous than PHP and has no safe_mode. If I wanted to do damage on your system I wouldn't even try PHP.

Safemode and open_basedir are bad fixes to virtual hosting problems. They both break scripts when not setup properly and generally cause more problems than they solve.

Please do proper research into system security and stop relying on safe_mode/open_basedir.. they make users lives hard for no good reason. :rolleyes:

would'nt running mod security with some decent rules be better ?
as then the scripts would work with the security still tight

Many of these posts urging people to "learn more about security and turn safe_mode off" are missing a large part of the problem.

The *reason* many providers run PHP with safe_mode enabled is PERFORMANCE.

With PHP running as a webserver (usually Apache) module, it isn't hampered by the high overhead of calling an additional interpreter process on every page view (as would be needed while running PHP as a CGI interpreter).

Unfortunately, to get that performance and run PHP as a webserver module, PHP has to inherit the permissions of the webserver.

Safe Mode was introduced as a *hack* to a problem that is not PHP's to solve.

Read carefully: http://www.php.net/manual/en/features.safe-mode.php

"It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now."

Why is it still safe to allow Perl and other script interpreters (that don't include a "safe mode" hack), but limit PHP's usage with safe_mode?
Because in most shared hosting environments, Perl/Python/etc are run as CGI applications, where this issue was solved long ago with suEXEC ( http://httpd.apache.org/docs-2.0/suexec.html ) and other similar technologies.

As to those who make the point that PHP can be run under suEXEC or with a chroot jail - you have to run it with the CGI interpreter to do that... and thus take a *huge* performance hit.

So research all the options and their consequences before spouting off that safe_mode is not needed... it may be evil... but it is a NECESSARY evil.

Originally posted by bilalk
Many of these posts urging people to "learn more about security and turn safe_mode off" are missing a large part of the problem.

The *reason* many providers run PHP with safe_mode enabled is PERFORMANCE.

With PHP running as a webserver (usually Apache) module, it isn't hampered by the high overhead of calling an additional interpreter process on every page view (as would be needed while running PHP as a CGI interpreter).

Unfortunately, to get that performance and run PHP as a webserver module, PHP has to inherit the permissions of the webserver.

Safe Mode was introduced as a *hack* to a problem that is not PHP's to solve.

Read carefully: http://www.php.net/manual/en/features.safe-mode.php

"It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now."

Why is it still safe to allow Perl and other script interpreters (that don't include a "safe mode" hack), but limit PHP's usage with safe_mode?
Because in most shared hosting environments, Perl/Python/etc are run as CGI applications, where this issue was solved long ago with suEXEC ( http://httpd.apache.org/docs-2.0/suexec.html ) and other similar technologies.

As to those who make the point that PHP can be run under suEXEC or with a chroot jail - you have to run it with the CGI interpreter to do that... and thus take a *huge* performance hit.

So research all the options and their consequences before spouting off that safe_mode is not needed... it may be evil... but it is a NECESSARY evil.

I can definately understand what you mean there. I run PHP under suexec and it will eat your server alive if you don't configure it correctly.