[Pmwiki-users] safe_mode

Patrick R. Michaud pmichaud at pobox.com
Sat Jun 28 13:28:28 CDT 2003 

Safe_mode is a serious problem for PmWiki, as well as any other PHP
script that needs the ability to read and write data to disk.  Frankly, 
I think that PHP's concept of "safe mode" is completely bogus, because 
the restrictions it imposes means that a PHP program (such as PmWiki) 
can create files and directories but it cannot access or modify the 
files it creates.  It's totally bizarre, and there doesn't seem to
be any way around it (and it's documented as such on the PHP site).

Plus, I wonder about hosting services that restrict PHP users to 
"safe mode".  Do they allow Perl CGI scripts?  If so, then why
restrict PHP to safe mode?  It's like putting a vault door on your
house but leaving all of the windows open--it really hasn't improved
system security.

So, because pmwiki.php in safe_mode cannot read the files it writes,
the only solution is to change the permissions to 777, as noted below.

Finally, PHP's safe_mode usually means that pmwiki.php is not allowed
to make calls to external programs.  In particular, pmwiki.php cannot 
use the Unix diff(1) and patch(1) utilities to maintain the page 
revisions and restore functions.  The current solution to this is
to put copies of diff(1) and patch(1) in a directory that safe_mode
doesn't complain about.  Sometimes this can be done with a symlink,
sometimes it requires copying the binaries.  

The longer solution would be to add PHP code to pmwiki.php to perform the
equivalent of diff(1) and patch(1) to avoid the calls to the external
programs, but that's a pretty hefty undertaking for limited gain.

So, I haven't found easy fixes.  At the time I originally wrote PmWiki,
I chose PHP over Perl because it looked like it would make installation 
easier and PHP had a couple of other nice features from a software
development perspective.  However, PHP and web hosting providers are 
slowly closing off all of those advantages, which means that at some 
point it becomes better for me to just switch PmWiki to Perl rather 
than continually react to all of the odd configurations and restrictions 
being added to PHP.  

Pm

On Sat, Jun 28, 2003 at 08:03:41PM +0200, Bernhard Weichel in pmwiki-users wrote:
> hi,
> 
> today I tried to make pmwiki work on a host running php in safe_mode.
> 
> My problems:
> 
> * when I have pmwiki create wiki.d, it cannot subsequently write into it.
> The message is:
> 
> Warning: file_exists() [function.file-exists]: SAFE MODE Restriction in
> effect. The script whose uid is 660 is not allowed to access
> /www/pmwiki-0.5.5/wiki.d owned by uid 30 in
> /www/pmwiki-0.5.5/pmwiki.php on line 211
> 
> * when I create wiki.d manually, I have to chmod 777 to make it work. This
> doesn't really seem safe to me.
> 
> * diff does not work.
> 
> --Bernhard
> 
> 
> 
> 
> _______________________________________________
> Pmwiki-users mailing list
> Pmwiki-users at pmichaud.com
> http://pmichaud.com/mailman/listinfo/pmwiki-users_pmichaud.com
>

More information about the pmwiki-users mailing list