[imp] Safe Mode

Lord Apollyon implist at paypc.com
Tue Sep 30 15:26:04 PDT 2003


> *  With safe mode turned on there was the immediate env problems (LANG) 
> that I just tried suppressing but ended up turning off show_errors in 
> php.ini.  (well documented elsewhere)

Easy to fix.

For the VirtualHost section (Apache config) covering your webmail section:

php_admin_value safe_mode_allowed_env_vars = "PHP_,LANGUAGE,LANG,TZ"

> *  I also get "Cannot set time limit in safe mode".  I responded with 
> setting the time_limit in the php.ini to a decently high value of 
> 240sec.  However, no matter what I set for error_reporting (php.ini) 
> they still show up in my php.log file.  I'd like to stop these errors 
> from hitting the log file because there are 5 or 6 for every page 
> request.

You'll need to "patch" Horde/IMP to fix that.

The calls are made in:

horde/imp/lib/base.php:
horde/kronolith/lib/base.php:
horde/lib/Registry.php:
horde/turba/lib/base.php:

Given some of the Horde/IMP's developers' hostility towards "Safe Mode", I
suggest you maintain a list of Safe-Mode violating lines of code.  The pity
is that code can check for Safe Mode being on and proactively avoid making
such calls.

> *  Does this error "sh: line 1: /wvHtml: No such file or directory" 
> have to do with safe mode based on the following permissions?
> 	# ll `which wvHtml`
> 	-rwxr-xr-x    1 root     root         2977 Jul 25 10:40 
> /usr/local/bin/wvHtml

All system binaries you use in Horde/IMP must be placed in the PHP
Safe_Binary directory... note, symlinks to existing bins are OK so you don't
need to "duplicate" files.

> *  Attachments are no longer working.  They upload fine, and show the 
> right size.  However, when the message is sent, the data is missing.  
> If you view the message source you see the MIME header for the 
> attachment, but it contains no data, just header/footer.  Ideas?

You need to create a special upload directory and chown www:www ; chmod 0700
; it.  Configure your PHP upload path to use that directory, *AND*
Horde/IMP's upload/attachment directory to use (or a descendent) of it as
well.  I think I put an explicit <Directory> directive permitting
POST/UPLOAD content to that directory tree as well to be paranoid.  

I operate a sizeable production IMP server in Safe Mode with *NO*
compromises whatsoever except for the loss of Spell-check functionality.  I
haven't figured out what breaks that yet.

=Apollyon=



More information about the imp mailing list