1

as the Debian developers consider safe_mode (which will not make it into PHP6) and open_basedir inherently broken security measures, I wonder if they can be considered replaceable by mod_suexec combined with mod_fcgid. Do you think this is valid?

Kind regards, Benjamin.

benjamin
  • 187
  • 1
  • 12

1 Answers1

0

I would suggest that given appropriate file permissions in the filesystem, using suexec with PHP would be acceptable to replace safe_mode. This is simply because you are allowing the filesystem to prevent file access instead of letting PHP do it for you, which is considered broken and therefore removed as of PHP 5.4.

open_basedir does have some issues that make it broken, such as the fact that there is a bad race condition related to symlink replacement, and therefore it probably shouldn't be used. I'm not aware that it is being removed from PHP and I would assume they would try to tighten that up someday. I wouldn't rely on it. suexec won't solve this problem, though. For example, if you want to prevent a PHP script from accessing /etc/passwd, there is nothing that suexec will do to prevent it since that's always a world-readable file. open_basedir would possibly prevent that from happening if it weren't for that pesky race condition. I don't think suexec solves this part and I'm not sure what would solve it aside from using a chroot in some fashion.

Emmaly
  • 425
  • 2
  • 8
  • 16