Vulnerability Development mailing list archives

Re: PHP


From: sh () ECLIPSE NET UK (Stuart Henderson)
Date: Wed, 1 Dec 1999 17:11:11 +0000


I can't remember the details of safe mode, I think possibly it just
restricts system and exec type stuff.  Be aware however that it's very
easy for users (clueless or not) to eat loads of memory with infinite
loops.

It restricts file access to within a specified doc_root and
restricts system() to a specified directory. Memory usage and
maximum execution time of a script can be limited. Dynamic
loading of additional user-specified extensions is disabled
in safe_mode (you are still responsible for the ones you
build in, of course).

Links are on the PHP site but they are a little deeply buried
and maybe out of date. Of course as with most open-source
projects the code itself is the most reliable place to look.
Check out the configuration and security settings of the
annotated manual for the most recent documented information.
The php list archives at http://progressive-comp.com/Lists/
are searchable and may prove useful.
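
An added example, not part of the original post: a small Python check that reads a php.ini and reports which of the limits listed in the message are unset or switched off. The directive names are the php.ini spellings of those settings, the sample file is constructed, and requiring the two resource limits to be set explicitly is this check's own policy.

```python
import configparser

ON = {"1", "on", "yes", "true"}

# Constructed sample php.ini, not taken from any real server.
SAMPLE_INI = """\
[PHP]
safe_mode = On            ; restrictions enabled
safe_mode_exec_dir =
doc_root = "/home/www/htdocs"
memory_limit = 8M
max_execution_time = 0
enable_dl = On
"""

def load(ini_text):
    """Return all directives as a dict of lower-cased names to unquoted values."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   inline_comment_prefixes=(";",))
    # php.ini may have directives before any section header, so supply one.
    cp.read_string("[_top]\n" + ini_text)
    merged = {}
    for section in cp.sections():
        merged.update(cp[section])
    return {k: v.strip().strip('"') for k, v in merged.items()}

def audit(ini_text):
    """Map directive name -> finding for the limits the post lists."""
    cfg = load(ini_text)
    safe = cfg.get("safe_mode", "").lower() in ON
    findings = {}
    if not safe:
        findings["safe_mode"] = "off: the safe_mode restrictions do not apply"
    if not cfg.get("doc_root"):
        findings["doc_root"] = "empty: no document root set to confine file access"
    if not cfg.get("safe_mode_exec_dir"):
        findings["safe_mode_exec_dir"] = "empty: no directory named for system()"
    if cfg.get("memory_limit", "") in ("", "-1"):
        findings["memory_limit"] = "no explicit per-script memory limit"
    if cfg.get("max_execution_time", "") in ("", "0"):
        findings["max_execution_time"] = "no explicit execution time limit"
    # Per the post, safe_mode disables loading user-specified extensions,
    # so enable_dl is only reported when safe_mode is off.
    if not safe and cfg.get("enable_dl", "").lower() in ON:
        findings["enable_dl"] = "on without safe_mode: scripts may load extensions"
    return findings

if __name__ == "__main__":
    for name, why in audit(SAMPLE_INI).items():
        print(f"{name}: {why}")
```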

