[BlueOnyx:03141] Re: php error

[Darrell D. Mobley]

> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
> On Behalf Of Michael Stauber
> Sent: Saturday, December 19, 2009 3:04 PM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:03139] Re: php error
> 
> Hi Darrell,
> 
> > > Say I had a production website at site4 and a development website at
> > > site5,
> > > and I wanted to enable safe_mode and safe_mode_gid so that I could
> > > include a
> > > file from site4 on site5.  How do I avoid this:
> >
> > Bump????
> 
> You don't. At least you shouldn't.
> 
> Or would you want that the PHP script of customer A can access the PHP
> scripts of customer B?  You see where this leads to.
> 
> You cannot have safe mode on and then expect it to behave in such an
> unsecure fashion. When safe mode is on, site4's PHP scripts cannot access 
> site5's files and vice versa (due to UID and GID). Expecially not with 
> open_basedir in place anyway.

Well, no, I would not normally want it to work this way, but in this
particular circumstance, like I stated (and left above) I personally have a
production website on site4 and a development website for site4 on site5.
Normally I would not want this to take place, but because it's my sites, I
would like to have it operate as stated, primarily because I would like the
security SafeMode is supposed to provide in place in the event some hacker
broke into the site and tried executing a rogue PHP script.  Does that make
sense?

What about my other question:
> Another issue:
>
> I have a website (site4) that I am trying to get SafeMode to work with.
> When I have SafeMode enabled, either with or without SafeModeGID, it
cannot
> use the PHP functions:
>
> imagecreatefromjpeg, imagecreatefrompng, imagecreatefromgif
>
> I include the site's absolute path in the SafeMode include directory,
> c and it has zero effect.
>
> How do I do this in BX?

The files created by these image creation routines are owned by apache in
group site4. Can apache not produce images in a 755 permissioned directory
it owns? Is there a SafeMode restriction in place (when it is enabled) that
doesn't allow apache to create files in directories it owns? I tried
SafeModGID on and off, and putting the following directory paths in both the
SafeMode include and SafeMode exec spots:

/home/.sites/70/site4
/home/.sites/70/site4/
/home/.sites/70/site4/web
/home/.sites/70/site4/web/

Nothing worked.

We know site4 owns all of those.  I even changed the ownership of the
/home/.sites/70/site4/web/images directory to apache:site4 and changed
permissions on that one directory to 777.  No joy.

Signed,

Confused