When PHP safe_mode is on
When safe_mode is on, PHP checks to see if the owner of the current script matches the owner of the file to be operated on by a file function or its directory. For example:
-rw-r–r– 1 root root 1116 Nov 26 18:01 /etc/passwd
Running passwd.php: results in this error when safe mode is enabled:
allowed to access /etc/passwd owned by uid 0 in /docroot/passwd.php on line 2
However, there may be environments where a strict UID check is not appropriate and a relaxed GID check is sufficient. This is supported by means of the safe_mode_gid switch. Setting it to On performs the relaxed GID checking, setting it to Off (the default) performs UID checking.
If instead of safe_mode, you set an open_basedir directory then all file operations will be limited to files under the specified directory. For example (Apache httpd.conf example):
If you run the same script.php with this open_basedir setting then this is the result:
Leave a Reply
You must be logged in to post a comment.