[imp] Safe Mode

Caylan Van Larson caylan at aero.und.edu
Tue Sep 30 15:01:13 PDT 2003


Evening,

We just rolled out a separate web server for student use that services 
horde/imp and ~/<username> requests.  I had to turn on safe mode when I 
realized (woke up at 3am sweating) that users could just exec("grep 
password /www/webmail/htdocs/config/horde.conf") and gain access to the 
mysql server.  I turned on safe_mode with uid/gid checking... *safe*

I know horde is not meant to be run with safe_mode enabled, but I'll go 
out on a limb and see what comes of me attempting to do this.

Here are my current problems:

*  With safe mode turned on there was the immediate env problems (LANG) 
that I just tried suppressing but ended up turning off show_errors in 
php.ini.  (well documented elsewhere)

*  I also get "Cannot set time limit in safe mode".  I responded with 
setting the time_limit in the php.ini to a decently high value of 
240sec.  However, no matter what I set for error_reporting (php.ini) 
they still show up in my php.log file.  I'd like to stop these errors 
from hitting the log file because there are 5 or 6 for every page 
request.

*  Does this error "sh: line 1: /wvHtml: No such file or directory" 
have to do with safe mode based on the following permissions?
	# ll `which wvHtml`
	-rwxr-xr-x    1 root     root         2977 Jul 25 10:40 
/usr/local/bin/wvHtml

*  Attachments are no longer working.  They upload fine, and show the 
right size.  However, when the message is sent, the data is missing.  
If you view the message source you see the MIME header for the 
attachment, but it contains no data, just header/footer.  Ideas?
	# ll /www/webmail.aero.und.edu/horde_vfs/.horde/imp/
	drwx------    2 apache   apache       4096 Sep 23 15:45 attachments
	# sudo -u apache touch 
/www/webmail.aero.und.edu/horde_vfs/.horde/imp/attachments/phpsdafasdf
	# ll 
/www/webmail.aero.und.edu/horde_vfs/.horde/imp/attachments/phpsdafasdf
	-rw-r--r--    1 apache   apache          0 Sep 30 16:55 
/www/webmail.aero.und.edu/horde_vfs/.horde/imp/attachments/phpsdafasdf

Also, anyone out there interested in backporting the composite driver 
functionality of sork back to the latest release version?  If someone 
out there has done this let me know!

Thanks for the read,


Caylan Van Larson
  Unix Administrator
   UND Aerospace



More information about the imp mailing list