[BlueOnyx:03228] Re: php error

Ken Marcus - Precision Web Hosting, Inc kenlists at precisionweb.net
Mon Jan 4 11:48:05 -05 2010


----- Original Message ----- 
From: "Darrell D. Mobley" <dmobley at uhostme.com>
To: "'BlueOnyx General Mailing List'" <blueonyx at blueonyx.it>
Sent: Monday, January 04, 2010 6:49 AM
Subject: [BlueOnyx:03227] Re: php error


>
>
>> -----Original Message-----
>> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
>> On Behalf Of Darrell D. Mobley
>> Sent: Thursday, December 31, 2009 7:42 PM
>> To: 'BlueOnyx General Mailing List'
>> Subject: [BlueOnyx:03210] Re: php error
>>
>> > -----Original Message-----
>> > From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
>> > On Behalf Of Darrell D. Mobley
>> > Sent: Saturday, December 19, 2009 4:48 PM
>> > To: 'BlueOnyx General Mailing List'
>> > Subject: [BlueOnyx:03141] Re: php error
>> >
>> > > -----Original Message-----
>> > > From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
>> > > On Behalf Of Michael Stauber
>> > > Sent: Saturday, December 19, 2009 3:04 PM
>> > > To: BlueOnyx General Mailing List
>> > > Subject: [BlueOnyx:03139] Re: php error
>> > >
>> > > Or would you want that the PHP script of customer A can access the PHP
>> > > scripts of customer B?  You see where this leads to.
>> > >
>> > > You cannot have safe mode on and then expect it to behave in such an
>> > > unsecure fashion. When safe mode is on, site4's PHP scripts cannot
>> > > access site5's files and vice versa (due to UID and GID). Especially not
>> > > with open_basedir in place anyway.
>> >
>> > Well, no, I would not normally want it to work this way, but in this
>> > particular circumstance, like I stated (and left above) I personally have
>> > a production website on site4 and a development website for site4 on site5.
>> > Normally I would not want this to take place, but because it's my sites, I
>> > would like to have it operate as stated, primarily because I would like
>> > the security SafeMode is supposed to provide in place in the event some
>> > hacker broke into the site and tried executing a rogue PHP script. Does
>> > that make sense?
>> >
>> > What about my other question:
>> > > Another issue:
>> > >
>> > > I have a website (site4) that I am trying to get SafeMode to work with.
>> > > When I have SafeMode enabled, either with or without SafeModeGID, it
>> > > cannot use the PHP functions:
>> > >
>> > > imagecreatefromjpeg, imagecreatefrompng, imagecreatefromgif
>> > >
>> > > I include the site's absolute path in the SafeMode include directory,
>> > > and it has zero effect.
>> > >
>> > > How do I do this in BX?
>> >
>> > The files created by these image creation routines are owned by apache in
>> > group site4. Can apache not produce images in a 755 permissioned directory
>> > it owns? Is there a SafeMode restriction in place (when it is enabled)
>> > that doesn't allow apache to create files in directories it owns? I tried
>> > SafeModeGID on and off, and putting the following directory paths in both
>> > the SafeMode include and SafeMode exec spots:
>> >
>> > /home/.sites/70/site4
>> > /home/.sites/70/site4/
>> > /home/.sites/70/site4/web
>> > /home/.sites/70/site4/web/
>> >
>> > Nothing worked.
>> >
>> > We know site4 owns all of those.  I even changed the ownership of the
>> > /home/.sites/70/site4/web/images directory to apache:site4 and changed
>> > permissions on that one directory to 777.  No joy.
>>
>> Bump.
>
> Bump.
>
>

Darrell

You seem to be purposely making things hard on yourself with your cross-site 
setup. It seems to me you are adding safe mode for security, then you are 
nullifying the added security. Just put the files on the same site or 
turn safe mode off.

Or, ask the question on a PHP-specific list.

Ken Marcus




