The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Will turning on safe_mode in php.ini break installed files and packages?

Discussion in 'General Discussion' started by jols, Dec 21, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Simple question:

    Will turning on safe_mode in php.ini break installed files and packages?
     
  2. Manuel_accu

    Manuel_accu Well-Known Member

    Joined:
    Jun 19, 2005
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks a bunch for that link. Not sure how "easily" though. Looks like the concept is simply, but there is a lot to review here when it comes to the individual experience of the various host-masters.

    I am just wonder actually how important safe-mode is? For example, chirpy has this great security system called CSF. It is basically a firewall but there is a little tester page that performs various security checks. It does not check for php safe-mode.

    Likewise, we have hired webtechs in the recent past to shore up security, and they have never mentioined safe-mode on php.

    I do have the php open_basedir enabled. And I do have suexe installed, but not phpsuexe because the last time I tried this (last week) it broke nearly every php script package installation on the server.

    So, I guess I am wondering if safe-mode is redundant to php open_basedir? And of course, as previously stated if it is going to break things the way phpsuexe does?

    Anyone have any opinioins on this?
     
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Okay, thanks again, looks like safe_mode is out.
     
  5. Manuel_accu

    Manuel_accu Well-Known Member

    Joined:
    Jun 19, 2005
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    safe mode is an easy way to lock down the security and functions you can use . PHP.net says that "safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now."

    Php by nature is unfortunatly very insecure by default. but you can secure you php in share hosting environment using security modules like mod_security, else you disbled the insecure function in php.
     
Loading...
Similar Threads - turning safe_mode php
  1. steampunk76
    Replies:
    1
    Views:
    100

Share This Page