  1. #1
    Security concerns on disabling safe_mode in shared server


    I'm thinking about disabling safe_mode but I'm afraid of hacking. What is safe_mode doing in the first place?

    I think preventing users from accessing other users files. Am I right?

    If so, how come it's not enabled on many secure servers (like HostGator's)?

    Please advise. Any input is appreciated.

  2. #2
    I quote:

    "The safe_mode directive is intended to provide file access limits to prevent users from accessing files that do not belong to them.
    This supposedly should make it impossible to access files of other people in a shared server environment, a common operating environment for PHP where PHP runs as an Apache module and as such has read access to all files accessible by the webserver regardless of the owner.

    When enabled, safe_mode will perform a uid/gid (user id and group id) check on the file/directory to be accessed and compare it to the uid/gid of the script that is trying to access the file. If the two match then the file operation will proceed as normal and in all other cases it will fail.

    In theory this is a fairly simple hack to a problem that is not otherwise easily addressed without significant performance penalties such as running PHP in CGI mode, whereby the scripts are executed under the user's own user/group id.

    So what is the real solution to the problems of permissions for file access on shared hosts? By far the best solution is to give each user a virtual server, on which they are an admin. This effectively creates a separate system for that user, that is completely independent from other users on the system. Virtual servers are surprisingly efficient configurations because in the end users tend to run the same binaries that share the same memory space.

    Another alternative is to use CGI or more efficient Fast-CGI in combination with security permissions (umask) that would prevent files created by the user from having a world read and have them owned by the Apache group. A simpler trick could be setting a 711 mask on user directories preventing the listing of files in those directories making file retrieval by unauthorized users extremely difficult.

    The last security measure can be found in PHP itself and is called open_basedir. This INI directive allows you to restrict file accesses of a particular user to a series of directories."

    Hope that answers your question ...
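
An added example, not part of either post or of the quoted text: a small Python audit for the 711 and umask measures the quote describes, reporting user directories that other local accounts can list and files they can read. The function names and the constructed sample tree (users `alice` and `bob`, file `config.php`) are assumptions for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Return sorted (path, problem) pairs for entries other local users can list or read."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        # 711 leaves "others" with execute only: they can traverse the
        # directory but cannot list the file names inside it.
        if mode & stat.S_IROTH:
            findings.append((dirpath, "directory listable by others"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # A world-readable file can still be opened by anyone who
            # guesses its name, even when its directory is 711.
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                findings.append((path, "file readable by others"))
    return sorted(findings)


def build_sample():
    """Constructed sample tree: alice follows the advice, bob uses common defaults."""
    root = tempfile.mkdtemp(prefix="hosting-audit-")
    for user, dir_mode, file_mode in (("alice", 0o711, 0o640), ("bob", 0o755, 0o644)):
        home = os.path.join(root, user)
        os.mkdir(home)
        path = os.path.join(home, "config.php")
        with open(path, "w") as fh:
            fh.write("<?php /* constructed sample */\n")
        # chmod explicitly so the result does not depend on the caller's umask
        os.chmod(path, file_mode)
        os.chmod(home, dir_mode)
    return root


if __name__ == "__main__":
    for path, problem in audit_tree(build_sample()):
        print(f"{problem}: {path}")
```

Run against a real hosting root, the same function takes the path to the users' home directories in place of the constructed sample.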
