Python Community Server: Development

Richard Bellavance and Paul have added more comments to the thread about PHP safe mode. Richard points out that the host can tell safe mode to only check GIDs, not UIDs, and Paul mention's Pair Networks' php-cgiwrap, a modification of cgiwrap that works for PHP.

The latter is what I want, as it would allow me to set the permissions on the data files so that nobody else on the server could access them. However, it requires that PHP is run as a CGI, which negates the whole point of using PHP, which is that it's fast. The former is fast, but not so secure.

As such, it looks like it is possible to have a server where everyone's scripts work and nobody can hack anyone (which I claimed was impossible the other day ;-), but it requires you to either run everything as CGI (under cgiwrap) or run only PHP (in safe mode, with safe_mode_gid set).

Amusingly enough, most hosts these days seem to permit use of CGI without cgiwrap, which means that most bloggers out there using MT, GM or b2 on shared servers are rather more vulnerable than they expected. To find out, look in the CGI setup documentation for your host and look for something like "Also make sure that you CHMOD the scripts to 755". If you can't run scripts with permissions of 700 , you are probably vulnerable. Anybody else on the server can read passwords out of config files with perms of 644, and can write to config files set to 666. There's a plus for Radio, CityDesk and Blogger. Maybe FTPing static HTML up to a dumb server ain't that bad an idea after all.