1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

PHP safe mode On by default for each domain

Discussion in 'Plesk for Linux - 8.x and Older' started by ashopandreas, Apr 30, 2006.

  1. ashopandreas

    ashopandreas Guest

    0
     
    In Plesk 8 the safe_mode setting in php can be turned on/off for each domain separately. If you want safe mode to be off (to make php useful) and have many domains on your server you are in for a nice surprise. The default is safe_mode = On and it can only be changed by unchecking a checkbox for each one of your domains. Try doing this on a hundred domains and you will be very thankful to Plesk for making your life harder.

    The checkbox can be found on the hosting setup page for a domain, next to the checkbox that activates php. Changing php.ini won't make a difference. This checkbox overrides that setting through the httpd.include files.

    A suggestion to the Plesk development team: you should either let people select this during installation/update or use the value currently in php.ini.
     
  2. Traged1

    Traged1 Guest

    0
     
    Can you not use group operations to do this for all the domains at once?

    You are aware that when safe_mode is off, any of your customers can read, edit or delete any and all files on your server by using a simple php script.
     
  3. cyrus1u1

    cyrus1u1 Guest

    0
     
    What a grap, are you kidding?! Disabling safe mode would be a big security lack.
     
  4. ALGORYTHM

    ALGORYTHM Guest

    0
     
    erm php safe mode off is supposed to be a default setting on the majority of php servers.

    also no user can read/write/execute all files unless they are root.

    safe mode off, globals off, install mod security.
     
  5. Traged1

    Traged1 Guest

    0
     
    LOL, yes technically you are correct, however, your httpd service runs PHP, and thus any user can ready files and execute them as the user apache, if a user was to upload a rootkit to thier account they could execute it and effectively get root access, however apache has enough access already to ready to manipulate all your customer files? Do your customers know that other customers can ready thier private information on your server? Including any stored credit card numbers and personal contact information.

    If you really need php safe mode Off, you should be using virtuosso, or have grsecurity or a very stronge SELInux ACL.

    In my 7 years of hosting, we have never turned off php safemode and we have thousands of shared hosting customers, who do not mind it. However, I must admin that most of our customers are using coldfusion scripting where we can have them in a security sandbox.
     
  6. cyrus1u1

    cyrus1u1 Guest

    0
     


    Maybe.. that's probably why php6 will only be available in safe mode on, without any option to turn it off...
     
  7. fuzzball

    fuzzball Guest

    0
     
    Just a quick note to add that you may have to run websrvmng -a -v to have the system read in the new config after running a group update to turn safe mode off.
     
  8. ALGORYTHM

    ALGORYTHM Guest

    0
     
    erm where did you hear that? :p

    http://uk.php.net/features.safe-mode
    oh and the good bit..
    i know you're all hosts so would prefer it on, i hang out with alot of coders and they really want it off ;)
     
  9. Traged1

    Traged1 Guest

    0
     
    Yes, there is always a trade off between security and usability. But I ask you this: What good is a fantastic script when the script creates a security hole on most shared servers?
     
  10. Traged1

    Traged1 Guest

    0
     
    The only secure means to accomplish removing php_safe mode is to have PHP run under SU_EXEC, which forces each script to run as the account/vhosts UID & GID. Exactly how we have PERL/CGI running in PLESK. If you attempt to run a perl script as a UID other then your own, the script will fail. We have been asking PLESK & SW-SOFT for years now to emplement this for PHP, which is totally possible, but they refuse to make the switch, therefor PLESK users can only rely on safe_mode to protect thier customer data. You can remove it at your own risk, but you must be aware that you are absolutely opening up your server to directory traversals and the reading and editing of files between shared hosting accounts on the server. It is only a matter of time before one of your customers are robbed blind, and then it will be your problem, as the admins and not the programmers fault.

    Again I beg of you SW-SOFT PLEASE USE PHP UNDER SU_EXEC!!!
     
  11. cyrus1u1

    cyrus1u1 Guest

    0
     
    To my knowledge, as I said, this means that you won't have any option to turn it off, because it will be turned on per default which could mean it was removed. (removed - the possiblity to turn it off)
     
  12. CiViX

    CiViX Guest

    0
     
    Doesn't open_basedir restrict php-access to other users files anyway? Even if safe_mode is off a php-script can't access any files outside it's open_basedir-setting, which as default is set to /tmp and the domains own /httpdocs?

    On http://no.php.net/manual/en/features.safe-mode.php they say:

    "If instead of safe_mode, you set an open_basedir directory then all file operations will be limited to files under the specified directory."

    But in a comment by "tom" on the same page, he says:

    "open_basedir only restricts file operations to files and directories under a specified directory, but you can still user system ("vi /home/somedir/somefile"), so safe_mode still has a place here as it is much more restrictive then open_basedir."

    But as PLESK still refuses to run php suexec, safe_mode really makes php unusable. A large amount of customers need safe_mode off to make Joomla, Gallery and other popular webapps work.

    So, is safe_mode = off really such a big security-risk as long as the open_basedir setting is used properly?
     
  13. ALGORYTHM

    ALGORYTHM Guest

    0
     
    erm no :rolleyes:

    people wrongly assume that once safe mode has been enabled the server is safe, it's not. the decision to remove safe mode means you have to find other ways to secure your server.

    it's not really such a big thing since register globals is going too :D

    http://www.php.net/~derick/meeting-notes.html#safe-mode
     
Loading...