ID: 9516
Updated by: [email]rasmus@php.net[/email]
Reported By: bram at xspace dot com
-Status: Open
+Status: Bogus
Bug Type: Feature/Change Request
Operating System: Linux
PHP Version: 4.0.4pl1
New Comment:

Safe mode is gone now so this doesn't apply anymore.


Previous Comments:
------------------------------------------------------------------------

[2001-03-01 19:26:40] bram at xspace dot com

I keep PHP both as an apache module and as a standalone shell,

However, to be responsible, I need safe mode for the apache module and
so it's in the .ini file.

But when I run the script from a standalone shell from suexec, PHP
insists on
reading the .ini, going into safe mode, and then setuid's -1, from
which there is
no recovery.

There is no way around this except to compile each version with a
separate config-file-path, one path has a config without safe_mode and
one does.

Scenario:
script file has same owner uid as POSIX getuid()
script is being executed through a shell (#!/usr/local/bin/php)

You cannot specify an alternate config file from the shell invocation
when being executed from suexec -- it
will keep on reporting, "No input file specified" (which is an entirely
separate issue.)

There should be an option for the shell not to enter safe-mode, and it
could be specified as part
of the shell invocation line in the script, (ie #!/usr/local/bin/php
--no-safe-mode) I think if some restriction control could be placed in
the .ini file to restrict who is allowed to perform that function, that
would safe enough.

Bram

------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=9516&edit=1[/url]