[imp] Safe Mode
Caylan Van Larson
caylan at aero.und.edu
Tue Sep 30 15:01:13 PDT 2003
Evening,
We just rolled out a separate web server for student use that services
horde/imp and ~/<username> requests. I had to turn on safe mode when I
realized (woke up at 3am sweating) that users could just exec("grep
password /www/webmail/htdocs/config/horde.conf") and gain access to the
mysql server. I turned on safe_mode with uid/gid checking... *safe*
I know horde is not meant to be run with safe_mode enabled, but I'll go
out on a limb and see what comes of me attempting to do this.
Here are my current problems:
* With safe mode turned on there was the immediate env problems (LANG)
that I just tried suppressing but ended up turning off show_errors in
php.ini. (well documented elsewhere)
* I also get "Cannot set time limit in safe mode". I responded with
setting the time_limit in the php.ini to a decently high value of
240sec. However, no matter what I set for error_reporting (php.ini)
they still show up in my php.log file. I'd like to stop these errors
from hitting the log file because there are 5 or 6 for every page
request.
* Does this error "sh: line 1: /wvHtml: No such file or directory"
have to do with safe mode based on the following permissions?
# ll `which wvHtml`
-rwxr-xr-x 1 root root 2977 Jul 25 10:40
/usr/local/bin/wvHtml
* Attachments are no longer working. They upload fine, and show the
right size. However, when the message is sent, the data is missing.
If you view the message source you see the MIME header for the
attachment, but it contains no data, just header/footer. Ideas?
# ll /www/webmail.aero.und.edu/horde_vfs/.horde/imp/
drwx------ 2 apache apache 4096 Sep 23 15:45 attachments
# sudo -u apache touch
/www/webmail.aero.und.edu/horde_vfs/.horde/imp/attachments/phpsdafasdf
# ll
/www/webmail.aero.und.edu/horde_vfs/.horde/imp/attachments/phpsdafasdf
-rw-r--r-- 1 apache apache 0 Sep 30 16:55
/www/webmail.aero.und.edu/horde_vfs/.horde/imp/attachments/phpsdafasdf
Also, anyone out there interested in backporting the composite driver
functionality of sork back to the latest release version? If someone
out there has done this let me know!
Thanks for the read,
Caylan Van Larson
Unix Administrator
UND Aerospace
More information about the imp
mailing list