LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   safe_mode question (https://www.linuxquestions.org/questions/linux-server-73/safe_mode-question-701850/)

h725 02-03-2009 03:35 AM
safe_mode question
 
hi,

I'm trying to understand safe_mode in php.
I put safe_mode = On in php.ini

After, I've created a little php file, owned by my normal user, while apache2 is running as www-data.

Why I'm able to call the script via browser?

Undeadzz 02-04-2009 12:46 AM
if the browser is able to call the script thats normal, its probly allowed by the apache configuration?

h725 02-04-2009 02:02 AM
Quote:
Originally Posted by Undeadzz (Post 3431392)
if the browser is able to call the script thats normal, its probly allowed by the apache configuration?
I don't understand.. if safe_mode is ON, and the script's uid is different than www-data, why I'm able to execute the script?

h725 02-04-2009 04:23 PM
Quote:
Originally Posted by h725 (Post 3431462)
I don't understand.. if safe_mode is ON, and the script's uid is different than www-data, why I'm able to execute the script?
Ok, I found the explanation in this link:

http://it2.php.net/manual/en/ini.sect.safe-mode.php

Quote:
When safe_mode is on, PHP checks to see if the owner of the current script matches the owner of the file to be operated on by a file function or its directory. For example:

-rw-rw-r-- 1 rasmus rasmus 33 Jul 1 19:20 script.php
-rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd

Running script.php:
<?php
readfile('/etc/passwd');
?>
results in this error when safe mode is enabled:

Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not
allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
..which is a little different than simply open a php file via browser.


All times are GMT -5. The time now is 11:43 PM.