as the Debian developers consider safe_mode (which will not make it into PHP6) and open_basedir inherently broken security measures, I wonder if they can be considered replaceable by mod_suexec combined with mod_fcgid. Do you think this is valid?
Kind regards, Benjamin.
I would suggest that given appropriate file permissions in the filesystem, using
suexec
with PHP would be acceptable to replacesafe_mode
. This is simply because you are allowing the filesystem to prevent file access instead of letting PHP do it for you, which is considered broken and therefore removed as of PHP 5.4.open_basedir
does have some issues that make it broken, such as the fact that there is a bad race condition related to symlink replacement, and therefore it probably shouldn't be used. I'm not aware that it is being removed from PHP and I would assume they would try to tighten that up someday. I wouldn't rely on it.suexec
won't solve this problem, though. For example, if you want to prevent a PHP script from accessing/etc/passwd
, there is nothing thatsuexec
will do to prevent it since that's always a world-readable file.open_basedir
would possibly prevent that from happening if it weren't for that pesky race condition. I don't thinksuexec
solves this part and I'm not sure what would solve it aside from using achroot
in some fashion.