PHP offers a number of configuration parameters that are intended to greatly increase its level of security awareness. This section introduces many of the most relevant options.Safe Mode
If you’re running a version of PHP earlier than PHP 6, safe mode will be of particular interest if you’re running PHP in a shared-server environment. When enabled, safe mode always verifies that the executing script’s owner matches the owner of the file that the script is attempting to open. This prevents the unintended execution, review, and modification of files not owned by the executing user, provided that the file privileges are also properly configured to prevent modification. Enabling safe mode also has other significant effects on PHP’s behavior, in addition to diminishing, or even disabling, the capabilities of numerous standard PHP functions. These effects and the numerous safe mode–related parameters that comprise this feature are discussed in this section.
Caution As of version 6, safe mode is no longer available. See Chapter 2 for more information.
safe_mode = On | Off
Scope: PHP_INI_SYSTEM ; Default value: Off
Enabling the safe_mode directive places restrictions on several potentially dangerous language features when using PHP in a shared environment. You can enable safe_mode by setting it to the Boolean value of On , or disable it by setting it to Off . Its restriction scheme is based on comparing the UID (user ID) of the executing script and the UID of the file that the script is attempting to access. If the UIDs are the same, the script can execute; otherwise, the script fails.
Specifically, when safe mode is enabled, several restrictions come into effect:
The following is a complete list of functions, variables, and configuration directives that are affected when the safe_mode directive is enabled:
safe_mode_gid = On | Off
Scope: PHP_INI_SYSTEM ; Default value: 0ff
This directive changes safe mode’s behavior from verifying UIDs before execution to verifying group IDs. For example, if Mary and John are in the same user group, Mary’s scripts can call fopen() on John’s files.
safe_mode_include_dir = string
Scope: PHP_INI_SYSTEM ; Default value: NULL
You can use safe_mode_include_dir to designate various paths in which safe mode will be ignored if it’s enabled. For instance, you might use this function to specify a directory containing various templates that might be incorporated into several user Web sites. You can specify multiple directories by separating each with a colon on Unix-based systems, and a semicolon on Windows.
Note that specifying a particular path without a trailing slash will cause all directories falling under that path to also be ignored by the safe mode setting. For example, setting this directive to /home/configuration means that /home/configuration/templates/ and /home/configuration/passwords/ are also exempt from safe mode restrictions. Therefore, if you’d like to exclude just a single directory or set of directories from the safe mode settings, be sure to conclude each with the trailing slash.
safe_mode_allowed_env_vars = string
Scope: PHP_INI_SYSTEM ; Default value: "PHP_"
When safe mode is enabled, you can use this directive to allow certain environment variables to be modified by the executing user’s script. You can allow multiple variables to be modified by separating each with a comma.
safe_mode_exec_dir = string
Scope: PHP_INI_SYSTEM ; Default value: NULL
This directive specifies the directories in which any system programs reside that can be executed by functions such as system() , exec() , or passthru() . Safe mode must be enabled for this to work. One odd aspect of this directive is that the forward slash (/) must be used as the directory separator on all operating systems, Windows included.
safe_mode_protected_env_vars = string
Scope: PHP_INI_SYSTEM ; Default value: LD_LIBRARY_PATH
This directive protects certain environment variables from being changed with the putenv() function. By default, the variable LD_LIBRARY_PATH is protected because of the unintended consequences that may arise if this is changed at run time. Consult your search engine or Linux manual for more information about this environment variable. Note that any variables declared in this section will override anything declared by the safe_mode_allowed_env_vars directive.
blog comments powered by Disqus