From 3831619d942c7878786c0d96acdd191aba209e68 Mon Sep 17 00:00:00 2001 From: foobar Date: Mon, 24 Mar 2003 11:26:01 +0000 Subject: [PATCH] Removed the DOS line-endings. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@121061 c90b9560-bf6c-de11-be94-00142212c4b1 --- features/safe-mode.xml | 1158 ++++++++++++++++++++-------------------- 1 file changed, 579 insertions(+), 579 deletions(-) diff --git a/features/safe-mode.xml b/features/safe-mode.xml index e5b82fcec1..d51f356e98 100644 --- a/features/safe-mode.xml +++ b/features/safe-mode.xml @@ -1,579 +1,579 @@ - - - - Safe Mode - - - The PHP safe mode is an attempt to solve the shared-server security - problem. It is architecturally incorrect to try to solve this - problem at the PHP level, but since the alternatives at the web - server and OS levels aren't very realistic, many people, - especially ISP's, use safe mode for now. - - - - Security and Safe Mode - - - Security and Safe Mode Configuration Directives - - - - Name - Default - Changeable - - - - - safe_mode - "0" - PHP_INI_SYSTEM - - - safe_mode_gid - "0" - PHP_INI_SYSTEM - - - safe_mode_include_dir - NULL - PHP_INI_SYSTEM - - - safe_mode_exec_dir - "" - PHP_INI_SYSTEM - - - safe_mode_allowed_env_vars - PHP_ - PHP_INI_SYSTEM - - - safe_mode_protected_env_vars - LD_LIBRARY_PATH - PHP_INI_SYSTEM - - - open_basedir - NULL - PHP_INI_SYSTEM - - - disable_functions - "" - PHP_INI_SYSTEM - - - -
- For further details and definition of the PHP_INI_* constants see - ini_set. -
- - Here is a short explanation of the configuration directives. - - - - safe_mode - boolean - - - - Whether to enable PHP's safe mode. Read the - Security and chapter for more - information. - - - - - - safe_mode_gid - boolean - - - - By default, Safe Mode does a UID compare check when - opening files. If you want to relax this to a GID compare, - then turn on safe_mode_gid. - Whether to use UID (&false;) or - GID (&true;) checking upon file - access. - - - - - - safe_mode_include_dir - string - - - - UID/GID checks are bypassed when - including files from this directory and its subdirectories (directory - must also be in include_path - or full path must including). - - - As of PHP 4.2.0, this directive can take a semi-colon separated - path in a similar fashion to the - include_path directive, - rather than just a single directory. - - - The restriction specified is actually a prefix, not a directory name. - This means that "safe_mode_include_dir = /dir/incl" also allows - access to "/dir/include" and "/dir/incls" if they exist. When you - want to restrict access to only the specified directory, end with a - slash. For example: "safe_mode_include_dir = /dir/incl/" - - - - - - safe_mode_exec_dir - string - - - - If PHP is used in safe mode, system and the other - functions executing system programs - refuse to start programs that are not in this directory. - - - - - - safe_mode_allowed_env_vars - string - - - - Setting certain environment variables may be a potential security breach. - This directive contains a comma-delimited list of prefixes. In Safe Mode, - the user may only alter environment variables whose names begin with the - prefixes supplied here. By default, users will only be able to set - environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). - - - - If this directive is empty, PHP will let the user modify ANY - environment variable! 
- - - - - - - safe_mode_protected_env_vars - string - - - - This directive contains a comma-delimited list of environment - variables that the end user won't be able to change using - putenv. These variables will be protected - even if safe_mode_allowed_env_vars is set to allow to change them. - - - - - - open_basedir - string - - - - Limit the files that can be opened by PHP to the specified - directory-tree, including the file itself. This directive - is NOT affected by whether Safe Mode is - turned On or Off. - - - When a script tries to open a file with, - for example, fopen or gzopen, the location of the file is - checked. When the file is outside the specified directory-tree, - PHP will refuse to open it. All symbolic links are resolved, - so it's not possible to avoid this restriction with a symlink. - - - The special value . - indicates that the directory in which the script is stored will - be used as base-directory. - - - Under Windows, separate the directories with a semicolon. On all - other systems, separate the directories with a colon. As an Apache - module, open_basedir paths from parent directories are now - automatically inherited. - - - The restriction specified with open_basedir is actually a - prefix, not a directory name. This means that "open_basedir = - /dir/incl" also allows access to "/dir/include" and - "/dir/incls" if they exist. When you want to restrict access - to only the specified directory, end with a slash. For example: - "open_basedir = /dir/incl/" - - - - Support for multiple directories was added in 3.0.7. - - - - The default is to allow all files to be opened. - - - - - - disable_functions - string - - - - This directive allows you to disable certain functions for - security reasons. It takes - on a comma-dilimited list of function names. disable_functions - is not affected by Safe Mode. - - - This directive must be set in &php.ini; For example, you - cannot set this in httpd.conf. 
- - - - - - - See also: register_globals, - display_errors, and - log_errors - - - - When safe_mode is on, PHP checks to see - if the owner of the current script matches the owner of the file to be - operated on by a file function. For example: - - - - Running this script.php - - -]]> - - results in this error when safe mode is enabled: - - - - - - However, there may be environments where a strict UID - check is not appropriate and a relaxed GID check is - sufficient. This is supported by means of the safe_mode_gid switch. Setting it to - On performs the relaxed GID checking, - setting it to Off (the default) performs - UID checking. - - - If instead of safe_mode, you set an - open_basedir directory then all - file operations will be limited to files under the specified directory - For example (Apache httpd.conf example): - - - php_admin_value open_basedir /docroot - -]]> - - If you run the same script.php with this - open_basedir setting - then this is the result: - - - - - - You can also disable individual functions. Note that the disable_functions - directive can not be used outside of the &php.ini; file which means that - you cannot disable functions on a per-virtualhost or per-directory basis - in your httpd.conf file. - If we add this to our &php.ini; file: - - - - Then we get this output: - - - - -
- - - Functions restricted/disabled by safe mode - - This is a still probably incomplete and possibly incorrect listing - of the functions limited by - safe mode. - - - Safe mode limited functions - - - - Function - Limitations - - - - - dbmopen - &sm.uidcheck; - - - dbase_open - &sm.uidcheck; - - - filepro - &sm.uidcheck; - - - filepro_rowcount - &sm.uidcheck; - - - filepro_retrieve - &sm.uidcheck; - - - ifx_* - sql_safe_mode restrictions, (!= safe mode) - - - - ingres_* - sql_safe_mode restrictions, (!= safe mode) - - - - mysql_* - sql_safe_mode restrictions, (!= safe mode) - - - - pg_loimport - &sm.uidcheck; - - - - posix_mkfifo - &sm.uidcheck.dir; - - - putenv - Obeys the safe_mode_protected_env_vars and - safe_mode_allowed_env_vars ini-directives. See also the documentation - on putenv - - - - move_uploaded_file - &sm.uidcheck; - - - - - - chdir - &sm.uidcheck.dir; - - - dl - &sm.disabled; - - - backtick operator - &sm.disabled; - - - shell_exec (functional equivalent - of backticks) - &sm.disabled; - - - exec - You can only execute executables within the safe_mode_exec_dir. - For practical reasons it's currently not allowed to have - .. components in the path to the executable. - - - system - You can only execute executables within the safe_mode_exec_dir. - For practical reasons it's currently not allowed to have - .. components in the path to the executable. - - - passthru - You can only execute executables within the safe_mode_exec_dir. - For practical reasons it's currently not allowed to have - .. components in the path to the executable. - - - popen - You can only execute executables within the safe_mode_exec_dir. - For practical reasons it's currently not allowed to have - .. components in the path to the executable. 
- - - - mkdir - &sm.uidcheck.dir; - - - rmdir - &sm.uidcheck; - - - rename - &sm.uidcheck; &sm.uidcheck.dir; - - - unlink - &sm.uidcheck; &sm.uidcheck.dir; - - - copy - &sm.uidcheck; &sm.uidcheck.dir; (on - source and - target) - - - chgrp - &sm.uidcheck; - - - chown - &sm.uidcheck; - - - chmod - &sm.uidcheck; In addition, you cannot - set the SUID, SGID and sticky bits - - - touch - &sm.uidcheck; &sm.uidcheck.dir; - - - symlink - &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is - checked) - - - link - &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is - checked) - - - getallheaders - In safe mode, headers beginning with 'authorization' - (case-insensitive) - will not be returned. Warning: this is broken with the aol-server - implementation of getallheaders! - - - header - In safe mode, the uid of the script is added to the - realm part of the - WWW-Authenticate header if you set this - header (used for HTTP Authentication). - - - PHP_AUTH variables - - In safe mode, the variables PHP_AUTH_USER, - PHP_AUTH_PW, and AUTH_TYPE - are not available in $_SERVER. Regardless, you - can still use REMOTE_USER for the USER. - (note: only affected since PHP 4.3.0) - - - - - highlight_file, - show_source - - - &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1) - - - - - parse_ini_file - - - &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1) - - - - Any function that uses - php4/main/fopen_wrappers.c - - ?? - - - -
-
-
- -
- - + + + + Safe Mode + + + The PHP safe mode is an attempt to solve the shared-server security + problem. It is architecturally incorrect to try to solve this + problem at the PHP level, but since the alternatives at the web + server and OS levels aren't very realistic, many people, + especially ISP's, use safe mode for now. + + + + Security and Safe Mode + + + Security and Safe Mode Configuration Directives + + + + Name + Default + Changeable + + + + + safe_mode + "0" + PHP_INI_SYSTEM + + + safe_mode_gid + "0" + PHP_INI_SYSTEM + + + safe_mode_include_dir + NULL + PHP_INI_SYSTEM + + + safe_mode_exec_dir + "" + PHP_INI_SYSTEM + + + safe_mode_allowed_env_vars + PHP_ + PHP_INI_SYSTEM + + + safe_mode_protected_env_vars + LD_LIBRARY_PATH + PHP_INI_SYSTEM + + + open_basedir + NULL + PHP_INI_SYSTEM + + + disable_functions + "" + PHP_INI_SYSTEM + + + +
+ For further details and definition of the PHP_INI_* constants see + ini_set. +
+ + Here is a short explanation of the configuration directives. + + + + safe_mode + boolean + + + + Whether to enable PHP's safe mode. Read the + Security and chapter for more + information. + + + + + + safe_mode_gid + boolean + + + + By default, Safe Mode does a UID compare check when + opening files. If you want to relax this to a GID compare, + then turn on safe_mode_gid. + Whether to use UID (&false;) or + GID (&true;) checking upon file + access. + + + + + + safe_mode_include_dir + string + + + + UID/GID checks are bypassed when + including files from this directory and its subdirectories (directory + must also be in include_path + or full path must including). + + + As of PHP 4.2.0, this directive can take a semi-colon separated + path in a similar fashion to the + include_path directive, + rather than just a single directory. + + + The restriction specified is actually a prefix, not a directory name. + This means that "safe_mode_include_dir = /dir/incl" also allows + access to "/dir/include" and "/dir/incls" if they exist. When you + want to restrict access to only the specified directory, end with a + slash. For example: "safe_mode_include_dir = /dir/incl/" + + + + + + safe_mode_exec_dir + string + + + + If PHP is used in safe mode, system and the other + functions executing system programs + refuse to start programs that are not in this directory. + + + + + + safe_mode_allowed_env_vars + string + + + + Setting certain environment variables may be a potential security breach. + This directive contains a comma-delimited list of prefixes. In Safe Mode, + the user may only alter environment variables whose names begin with the + prefixes supplied here. By default, users will only be able to set + environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). + + + + If this directive is empty, PHP will let the user modify ANY + environment variable! 
+ + + + + + + safe_mode_protected_env_vars + string + + + + This directive contains a comma-delimited list of environment + variables that the end user won't be able to change using + putenv. These variables will be protected + even if safe_mode_allowed_env_vars is set to allow to change them. + + + + + + open_basedir + string + + + + Limit the files that can be opened by PHP to the specified + directory-tree, including the file itself. This directive + is NOT affected by whether Safe Mode is + turned On or Off. + + + When a script tries to open a file with, + for example, fopen or gzopen, the location of the file is + checked. When the file is outside the specified directory-tree, + PHP will refuse to open it. All symbolic links are resolved, + so it's not possible to avoid this restriction with a symlink. + + + The special value . + indicates that the directory in which the script is stored will + be used as base-directory. + + + Under Windows, separate the directories with a semicolon. On all + other systems, separate the directories with a colon. As an Apache + module, open_basedir paths from parent directories are now + automatically inherited. + + + The restriction specified with open_basedir is actually a + prefix, not a directory name. This means that "open_basedir = + /dir/incl" also allows access to "/dir/include" and + "/dir/incls" if they exist. When you want to restrict access + to only the specified directory, end with a slash. For example: + "open_basedir = /dir/incl/" + + + + Support for multiple directories was added in 3.0.7. + + + + The default is to allow all files to be opened. + + + + + + disable_functions + string + + + + This directive allows you to disable certain functions for + security reasons. It takes + on a comma-dilimited list of function names. disable_functions + is not affected by Safe Mode. + + + This directive must be set in &php.ini; For example, you + cannot set this in httpd.conf. 
+ + + + + + + See also: register_globals, + display_errors, and + log_errors + + + + When safe_mode is on, PHP checks to see + if the owner of the current script matches the owner of the file to be + operated on by a file function. For example: + + + + Running this script.php + + +]]> + + results in this error when safe mode is enabled: + + + + + + However, there may be environments where a strict UID + check is not appropriate and a relaxed GID check is + sufficient. This is supported by means of the safe_mode_gid switch. Setting it to + On performs the relaxed GID checking, + setting it to Off (the default) performs + UID checking. + + + If instead of safe_mode, you set an + open_basedir directory then all + file operations will be limited to files under the specified directory + For example (Apache httpd.conf example): + + + php_admin_value open_basedir /docroot + +]]> + + If you run the same script.php with this + open_basedir setting + then this is the result: + + + + + + You can also disable individual functions. Note that the disable_functions + directive can not be used outside of the &php.ini; file which means that + you cannot disable functions on a per-virtualhost or per-directory basis + in your httpd.conf file. + If we add this to our &php.ini; file: + + + + Then we get this output: + + + + +
+ + + Functions restricted/disabled by safe mode + + This is a still probably incomplete and possibly incorrect listing + of the functions limited by + safe mode. + + + Safe mode limited functions + + + + Function + Limitations + + + + + dbmopen + &sm.uidcheck; + + + dbase_open + &sm.uidcheck; + + + filepro + &sm.uidcheck; + + + filepro_rowcount + &sm.uidcheck; + + + filepro_retrieve + &sm.uidcheck; + + + ifx_* + sql_safe_mode restrictions, (!= safe mode) + + + + ingres_* + sql_safe_mode restrictions, (!= safe mode) + + + + mysql_* + sql_safe_mode restrictions, (!= safe mode) + + + + pg_loimport + &sm.uidcheck; + + + + posix_mkfifo + &sm.uidcheck.dir; + + + putenv + Obeys the safe_mode_protected_env_vars and + safe_mode_allowed_env_vars ini-directives. See also the documentation + on putenv + + + + move_uploaded_file + &sm.uidcheck; + + + + + + chdir + &sm.uidcheck.dir; + + + dl + &sm.disabled; + + + backtick operator + &sm.disabled; + + + shell_exec (functional equivalent + of backticks) + &sm.disabled; + + + exec + You can only execute executables within the safe_mode_exec_dir. + For practical reasons it's currently not allowed to have + .. components in the path to the executable. + + + system + You can only execute executables within the safe_mode_exec_dir. + For practical reasons it's currently not allowed to have + .. components in the path to the executable. + + + passthru + You can only execute executables within the safe_mode_exec_dir. + For practical reasons it's currently not allowed to have + .. components in the path to the executable. + + + popen + You can only execute executables within the safe_mode_exec_dir. + For practical reasons it's currently not allowed to have + .. components in the path to the executable. 
+ + + + mkdir + &sm.uidcheck.dir; + + + rmdir + &sm.uidcheck; + + + rename + &sm.uidcheck; &sm.uidcheck.dir; + + + unlink + &sm.uidcheck; &sm.uidcheck.dir; + + + copy + &sm.uidcheck; &sm.uidcheck.dir; (on + source and + target) + + + chgrp + &sm.uidcheck; + + + chown + &sm.uidcheck; + + + chmod + &sm.uidcheck; In addition, you cannot + set the SUID, SGID and sticky bits + + + touch + &sm.uidcheck; &sm.uidcheck.dir; + + + symlink + &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is + checked) + + + link + &sm.uidcheck; &sm.uidcheck.dir; (note: only the target is + checked) + + + getallheaders + In safe mode, headers beginning with 'authorization' + (case-insensitive) + will not be returned. Warning: this is broken with the aol-server + implementation of getallheaders! + + + header + In safe mode, the uid of the script is added to the + realm part of the + WWW-Authenticate header if you set this + header (used for HTTP Authentication). + + + PHP_AUTH variables + + In safe mode, the variables PHP_AUTH_USER, + PHP_AUTH_PW, and AUTH_TYPE + are not available in $_SERVER. Regardless, you + can still use REMOTE_USER for the USER. + (note: only affected since PHP 4.3.0) + + + + + highlight_file, + show_source + + + &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1) + + + + + parse_ini_file + + + &sm.uidcheck; &sm.uidcheck.dir; (note: only affected since PHP 4.2.1) + + + + Any function that uses + php4/main/fopen_wrappers.c + + ?? + + + +
+
+
+ +
+ +
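Review bot: The Apache httpd.conf example in the open_basedir walkthrough, `php_admin_value open_basedir /docroot`, has no trailing slash, although the open_basedir description in the same file says the value is a prefix and that "/dir/incl" also allows "/dir/include" and "/dir/incls". As written, the example would equally admit any sibling path that merely starts with /docroot, so a follow-up should change it to `/docroot/` to match the file's own advice. This commit only normalizes line endings (579 insertions, 579 deletions), so content fixes are best kept separate, but the re-added text still carries "comma-dilimited" in the disable_functions entry and the unfinished "or full path must including" in the safe_mode_include_dir entry. Setting the svn:eol-style property on features/safe-mode.xml would keep DOS line endings from returning and avoid another whole-file rewrite in the history.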