[imp] Safe Mode

Caylan Van Larson caylan at aero.und.edu
Tue Sep 30 19:12:12 PDT 2003


> Always a dangerous combination.  Make sure you check everything for
> access restrictions, like where you save php session files, php uploaded
> files, etc.  I don't allow logins to my Horde server just because of such
> reasons.

Nor do I, Eric.  This server processes ~/<username> requests from a 
mod_rewrite rule from our main non-student accessible server.  AFAIK, 
suexec, cgiwrap or sbox that effectively chroots user processes 
protects the server from cgi scripts.  However, when php is thrown in 
(that is not protected with suexec/cgi-wrapper) how do you chmod the 
php.ini file so users cannot read it using php (which runs as the www 
user)?  Isn't that why safe_mode was created?

> While your reason for putting safe_mode on was completely bogus

Am I missing something or did you just have a bad day?

Caylan


Caylan Van Larson
  Unix Administrator
   UND Aerospace


