Re: Nuking safe_mode
Hi,
Just got home from a month in South America and am trying to catch up
on old posts...
On Sat, 18 Feb 2006 17:02:32 -0800, in php.internals [email protected]
(Andi Gutmans) wrote:
>I'm nuking safe_mode and I found something odd. In streams,
>php_plain_files_unlink() only checks php_check_open_basedir() when
>ENFORCE_SAFE_MODE is flagged. I was planning on nuking
>ENFORCE_SAFE_MODE completely. Is this a bug? Or should I rename
>ENFORCE_SAFE_MODE to ENFORCE_OPEN_BASEDIR?
Rasmus mentions in <[email protected]> /
http://news.php.net/php.internals/20417 that it might be a good idea
to unwrap the safe_mode_exec_dir check from the uid matching.
The trouble about "safe mode" seems mainly to be the expression (based
on the notes in
http://www.php.net/~derick/meeting-notes.html#safe-mode) and the
spurious UID checks.
In the same old thread it didn't seem like there was a consensus or
best practice regarding the exec functions. Some recommended using
disabled_functions, but this would just be asking people to "remake"
and maintain their own list of functions that safe_mode (under any
other name) would have disabled for them.
Would the feature of safe_mode_exec_dir in any kind of name be
preserved, as recommended by Rasmus? This might be the exact time to
"remind us later".
--
- Peter Brodersen