[BlueOnyx:03210] Re: php error

Darrell D. Mobley dmobley at uhostme.com
Thu Dec 31 19:42:06 -05 2009 

> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
> On Behalf Of Darrell D. Mobley
> Sent: Saturday, December 19, 2009 4:48 PM
> To: 'BlueOnyx General Mailing List'
> Subject: [BlueOnyx:03141] Re: php error
> 
> > -----Original Message-----
> > From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
> > On Behalf Of Michael Stauber
> > Sent: Saturday, December 19, 2009 3:04 PM
> > To: BlueOnyx General Mailing List
> > Subject: [BlueOnyx:03139] Re: php error
> >
> > Or would you want that the PHP script of customer A can access the PHP
> > scripts of customer B?  You see where this leads to.
> >
> > You cannot have safe mode on and then expect it to behave in such an
> > unsecure fashion. When safe mode is on, site4's PHP scripts cannot
> > access site5's files and vice versa (due to UID and GID). Expecially not

> > with open_basedir in place anyway.
> 
> Well, no, I would not normally want it to work this way, but in this
> particular circumstance, like I stated (and left above) I personally have
> a production website on site4 and a development website for site4 on
site5.
> Normally I would not want this to take place, but because it's my sites, I
> would like to have it operate as stated, primarily because I would like
> the security SafeMode is supposed to provide in place in the event some 
> hacker broke into the site and tried executing a rogue PHP script.  Does 
> that make sense?
> 
> What about my other question:
> > Another issue:
> >
> > I have a website (site4) that I am trying to get SafeMode to work with.
> > When I have SafeMode enabled, either with or without SafeModeGID, it
> > cannot use the PHP functions:
> >
> > imagecreatefromjpeg, imagecreatefrompng, imagecreatefromgif
> >
> > I include the site's absolute path in the SafeMode include directory,
> > c and it has zero effect.
> >
> > How do I do this in BX?
> 
> The files created by these image creation routines are owned by apache in
> group site4. Can apache not produce images in a 755 permissioned directory
> it owns? Is there a SafeMode restriction in place (when it is enabled)
> that doesn't allow apache to create files in directories it owns? I tried
> SafeModGID on and off, and putting the following directory paths in both
> the SafeMode include and SafeMode exec spots:
> 
> /home/.sites/70/site4
> /home/.sites/70/site4/
> /home/.sites/70/site4/web
> /home/.sites/70/site4/web/
> 
> Nothing worked.
> 
> We know site4 owns all of those.  I even changed the ownership of the
> /home/.sites/70/site4/web/images directory to apache:site4 and changed
> permissions on that one directory to 777.  No joy.

Bump.

More information about the Blueonyx mailing list