PHP Safe_mode is restricted. Solution

Source: Internet
Author: User
PHP safe_mode: what is restricted when it is enabled. If safe mode is enabled in PHP, system() and the other program-execution functions will refuse to start programs that are not in this directory. / must be used as the directory separator, including on Windows. safe_mode_allowed_env_vars
What is restricted when safe_mode is enabled?

------ Solution --------------------
If safe mode is enabled in PHP, system() and the other program-execution functions will refuse to start programs that are not in this directory. You must use / as the directory separator, including on Windows. safe_mode_allowed_env_vars string

Functions restricted or blocked by safe mode

Function name: Restrictions
dbmopen(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
dbase_open(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
filepro(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
filepro_rowcount(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
filepro_retrieve(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
ifx_*: sql_safe_mode restrictions (!= safe mode)
ingres_*: sql_safe_mode restrictions (!= safe mode)
mysql_*: sql_safe_mode restrictions (!= safe mode)
pg_loimport(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
posix_mkfifo(): Checks whether the directory being operated on has the same UID (owner) as the script being executed.
putenv(): Follows the safe_mode_protected_env_vars and safe_mode_allowed_env_vars options set in the ini file. See the putenv() function documentation.
move_uploaded_file(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
chdir(): Checks whether the directory being operated on has the same UID (owner) as the script being executed.
dl(): Cannot be used when PHP runs in safe mode.
Backtick operator: Not available when PHP runs in safe mode.
shell_exec() (same function as the backtick operator): Not available when PHP runs in safe mode.
exec(): Can only be executed in the directory set by safe_mode_exec_dir. For some reason, it cannot be used in the path of the executable object... escapeshellcmd() will be applied to the parameters of this function.
system(): Can only be executed in the directory set by safe_mode_exec_dir. For some reason, it cannot be used in the path of the executable object... escapeshellcmd() will be applied to the parameters of this function.
passthru(): Can only be executed in the directory set by safe_mode_exec_dir. For some reason, it cannot be used in the path of the executable object... escapeshellcmd() will be applied to the parameters of this function.
popen(): Can only be executed in the directory set by safe_mode_exec_dir. For some reason, it cannot be used in the path of the executable object... escapeshellcmd() will be applied to the parameters of this function.
fopen(): Checks whether the directory being operated on has the same UID (owner) as the script being executed.
mkdir(): Checks whether the directory being operated on has the same UID (owner) as the script being executed.
rmdir(): Checks whether the directory being operated on has the same UID (owner) as the script being executed.
rename(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed.
unlink(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed.
copy(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed. (On source and target)
chgrp(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
chown(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed.
chmod(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. In addition, SUID, SGID, and sticky bits cannot be set.
touch(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed.
symlink(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed. (Note: only the target is tested)
link(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed. (Note: only the target is tested)
apache_request_headers(): In safe mode, headers starting with "authorization" (case sensitive) are not returned.
header(): In safe mode, if WWW-Authenticate is set, the UID of the current script will be added to the realm part of the header.
In safe mode, PHP_AUTH_USER, PHP_AUTH_PW, and PHP_AUTH_TYPE are not available in $_SERVER. However, you can still use REMOTE_USER to obtain the user name. (Note: it is valid only after PHP 4.3.0)
highlight_file(), show_source(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed. (Note: it is only valid after version 4.2.1)
parse_ini_file(): Checks whether the file or directory being operated on has the same UID (owner) as the script being executed. Checks whether the directory being operated on has the same UID (owner) as the script being executed. (Note: it is only valid after version 4.2.1)
set_time_limit(): Does not work in safe mode.
max_execution_time: Does not work in safe mode.
In safe mode, the fifth parameter is blocked. (Note: only affected since PHP 4.2.3)

------ Solution --------------------

safe_mode is exclusively a PHP_INI_SYSTEM attribute and must be set through php.ini or httpd.conf. To enable safe_mode, modify php.ini: safe_mode = On, or define it for a directory in httpd.conf:

    Options FollowSymLinks
    php_admin_value safe_mode 1

After Apache is restarted, safe_mode takes effect. When safe_mode is enabled, many PHP functions are restricted, especially system-related functions such as file opening and command execution.

All file-handling functions can only operate on files that have the same UID as the script.

Although safe_mode is not omnipotent (it can be bypassed in earlier versions of PHP), it is strongly recommended to enable safe mode to avoid unknown attacks to some extent. However, enabling safe_mode brings many restrictions, which may affect the application. Therefore, you must adjust the code and configuration so that they work together. For the functions restricted or blocked by safe mode, refer to the PHP Manual.
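
The owner (UID) check that the replies above describe, written in userland PHP as an added example; it is not code from the thread or from PHP itself. The function names and sample paths are hypothetical, and the code does not depend on the safe_mode directive, which was removed in PHP 5.4.

```php
<?php
// Added illustration: a userland approximation of the owner (UID) check
// described in the thread. Function names and sample paths are hypothetical.

/**
 * Return true when $path is owned by the same UID as the running script.
 * For a path that does not exist yet (for example the target of copy()),
 * the containing directory is checked instead, mirroring the table's
 * "directory being operated on" rule.
 */
function owner_matches_script(string $path): bool
{
    $scriptUid = getmyuid();              // UID of the owner of the current script
    if ($scriptUid === false) {
        return false;                     // owner unknown: fail closed
    }
    clearstatcache(true, $path);          // avoid a stale cached stat() result
    $target = file_exists($path) ? $path : dirname($path);
    $ownerUid = @fileowner($target);      // false when the stat fails
    return $ownerUid !== false && $ownerUid === $scriptUid;
}

/** Reject chmod() modes that set the SUID, SGID or sticky bits. */
function mode_is_allowed(int $mode): bool
{
    return ($mode & 07000) === 0;
}

// Constructed sample input: the script itself, a not-yet-existing file
// beside it, and a file that normally belongs to another user.
$samples = [__FILE__, __DIR__ . '/new-upload.tmp', '/etc/passwd'];
foreach ($samples as $p) {
    printf("%-45s %s\n", $p, owner_matches_script($p) ? 'allowed' : 'denied');
}

var_dump(mode_is_allowed(0644));   // ordinary permission bits only
var_dump(mode_is_allowed(04755));  // SUID bit requested
```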
------ Solution --------------------
See the first and third replies.
------ Solution --------------------
As long as you do not try to write files, there is no difference.
If you allow programs to write files, then whichever mode you use is meaningless.
