Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Safe Mode Restriction in Effect  (Read 52152 times)

0 Members and 1 Guest are viewing this topic.

hyperion

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 1317
  • - retired -
Safe Mode Restriction in Effect
« on: April 30, 2004, 03:29:18 am »

Relevant php.ini settings:

Code: [Select]
; Safe Mode
;
safe_mode = Off

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
safe_mode_include_dir =

; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
safe_mode_exec_dir =


Safe mode is enhanced security environment for PHP. Coppermine has no issues with safe mode when it is properly configured for use with Coppermine.  However, safe mode configurations are often improper or designed without considering group/user/server issues for autonomous scripts. 

Two primary issues may arise in Coppermine with safe mode enabled.  The first occurs when uploading. Normally, each user receives his or her own directory for uploads, and the directory is created by Coppermine. In certain safe mode environments, the owner of the /albums directory and the server are not considered to be the same user. Thus the server is not allowed to create new directories within /albums. Coppermine can sidestep this by refraining from creating new directories if the Silly Safe Mode constant is added to /include/config.inc.php. 

Code: [Select]
define('SILLY_SAFE_MODE', 1);

This issue may also occur if safe_mode_gid is enabled, but the /albums owner and the server are not of the same group.

The second issue arises when trying to use Image Magick.  Image Magick must be within php.ini's designated safe_mode_exec_dir in order for Coppermine to be able to use IM while operating in safe mode. Also, the exec() function must not be disabled.
« Last Edit: January 01, 2005, 08:10:31 pm by GauGau »
Logged
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull

(http://www.mozilla.org/products/firefox/buttons/getfirefox_small.png)

steveman2000

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Safe Mode Restriction in Effect
« Reply #1 on: December 28, 2004, 07:53:45 pm »

help....

i did what u say about the define(.....

but every now and again i get

Warning: chmod(): SAFE MODE Restriction in effect. The script whose uid is 10681 is not allowed to access albums/userpics/10001/web004.jpg owned by uid 2525 in /usr/local/psa/home/vhosts/containerengineering.co.uk/httpdocs/g/upload.php on line 2229

Warning: getimagesize(): SAFE MODE Restriction in effect. The script whose uid is 10681 is not allowed to access albums/userpics/10001/web004.jpg owned by uid 2525 in /usr/local/psa/home/vhosts/containerengineering.co.uk/httpdocs/g/include/picmgmt.inc.php on line 109

Warning: getimagesize(albums/userpics/10001/web004.jpg): failed to open stream: Unknown error: 0 in /usr/local/psa/home/vhosts/containerengineering.co.uk/httpdocs/g/include/picmgmt.inc.php on line 109

help...

<<UPDATE>>
Um prob fixed!... a minor mistake that i over looked....
« Last Edit: September 26, 2005, 10:16:32 am by GauGau »
Logged

Clampner

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Safe Mode Restriction in Effect
« Reply #2 on: January 16, 2005, 11:36:25 pm »

Server restrictions (safe mode)?
------------------
Directive | Local Value | Master Value
safe_mode | On | Off
safe_mode_exec_dir | /srv/www/htdocs/empty/ | no value
safe_mode_gid | Off | Off
safe_mode_include_dir | no value | no value
safe_mode_exec_dir | /srv/www/htdocs/empty/ | no value
sql.safe_mode | Off | Off
disable_functions | no value | no value
file_uploads | On | On
include_path | .:/usr/share/php | .:/usr/share/php
open_basedir | /srv/www/htdocs/web0/ | no value
==========================


How can i switch the local Value of Safe Mode to off ?
I have the Safe mode problem. in my php.ini i switch the safe mode to off, but in debug modus it is on (local value).
My Friend use the same gallery with the same setup and php.ini. He just changed name, faq and deleted users.
« Last Edit: January 17, 2005, 12:03:27 am by Clampner »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Safe Mode Restriction in Effect
« Reply #3 on: January 17, 2005, 05:41:27 am »

did you actually read the thread you were replying to? Hyperion's post has all relevant data, as well as the documentation that comes with coppermine.

Joachim
Logged

Kapu

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 6
    • United-Ks
Re: Safe Mode Restriction in Effect
« Reply #4 on: January 29, 2005, 07:33:47 pm »

Warning: SAFE MODE Restriction in effect. The script whose uid is 1013 is not allowed to access albums/userpics/10001/logo.jpg owned by uid 33 in /var/www/blubb/members/kapu/Die offizielle United-Ks Website-Dateien/Inhalt/Galerie/pic/cpg1.3.2/cpg132/upload.php on line 2229

Warning: SAFE MODE Restriction in effect. The script whose uid is 1013 is not allowed to access albums/userpics/10001/logo.jpg owned by uid 33 in /var/www/blubb/members/kapu/Die offizielle United-Ks Website-Dateien/Inhalt/Galerie/pic/cpg1.3.2/cpg132/include/picmgmt.inc.php on line 118

Warning: getimagesize: Unable to open 'albums/userpics/10001/logo.jpg' for reading. in /var/www/blubb/members/kapu/Die offizielle United-Ks Website-Dateien/Inhalt/Galerie/pic/cpg1.3.2/cpg132/include/picmgmt.inc.php on line 118

---

What did I do wrong? I have no clue???
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Safe Mode Restriction in Effect
« Reply #5 on: January 30, 2005, 08:44:42 am »

did you actually read this thread? Did you apply the change mentioned? I doubt that a path containing spaces is a good idea at all:
Quote
/var/www/blubb/members/kapu/Die offizielle United-Ks Website-Dateien/Inhalt/Galerie/pic/cpg1.3.2/cpg132/include/picmgmt.inc.php

Joachim
Logged

Kapu

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 6
    • United-Ks
Re: Safe Mode Restriction in Effect
« Reply #6 on: January 30, 2005, 05:26:08 pm »

Das geht doch auch auf deutsch, oder???

Also du meinst, ich solle die Lehrzeichen ruasnehmen, dann würde das gehen???

Obwohl ich die Datei geändert habe, kommt das immer : "Die vorhergehende Datei konnte nicht gesetzt werden.

Alle Dateien wurden erfolgreich Alben zugeordnet."
« Last Edit: January 30, 2005, 05:48:24 pm by Kapu »
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: Safe Mode Restriction in Effect
« Reply #7 on: January 30, 2005, 06:04:34 pm »

Post in English please.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Safe Mode Restriction in Effect
« Reply #8 on: January 30, 2005, 11:23:48 pm »

Das geht doch auch auf deutsch, oder???

Also du meinst, ich solle die Lehrzeichen ruasnehmen, dann würde das gehen???

Obwohl ich die Datei geändert habe, kommt das immer : "Die vorhergehende Datei konnte nicht gesetzt werden.

Alle Dateien wurden erfolgreich Alben zugeordnet."
nein, geht nicht: http://coppermine.sourceforge.net/faq.php#nonEnglishPosting
(http://coppermine.sourceforge.net/demo/images/flags/de.gif)Ich hab' mich darüber schon lang und breit ausgelassen und werd's an dieser Stelle nicht wiederholen, warum ich keinen support auf Deutsch leiste.
(http://coppermine.sourceforge.net/demo/images/flags/gb.gif)No, there's no German support from me: http://coppermine.sourceforge.net/faq.php#nonEnglishPosting
I have posted before why I won't, so I won't repeat this here.

Joachim
Logged

Kapu

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 6
    • United-Ks
Re: Safe Mode Restriction in Effect
« Reply #9 on: February 03, 2005, 10:57:41 am »

Joachim ist sehr unfreundlich zu mir.

Joachim is not very nice to me.

Joachim n'est pas très ...nice.

Oh man, I got it!!!
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Safe Mode Restriction in Effect
« Reply #10 on: February 03, 2005, 11:07:59 am »

Attitude does not get you anywhere on this board. We are all here to help in our free/work time and you as user are expected to thoroughly read the faq and search the board before posting. Giving back answers like this is not the way you pay respect to those who help out  :-* Think before you post!

Logged

normal

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
    • Normal Design
Re: Safe Mode Restriction in Effect
« Reply #11 on: April 01, 2005, 06:00:30 pm »

I've read this thread twice now, and I understand what its about as well as anyone unfamiliar with php code is going to understand it.  I followed the instructions and added the code:

define('SILLY_SAFE_MODE', 1);

to config.inc.php

When I tried to upload it returned a "critical error" regarding a "parameter ()".

Forgive my total ignorance, but where and how exactly am I supposed to add the above snippet of code to the config.inc.php file?

Thanks,
David Normal

http://www.normal-design.com/copper-gallery



Logged

Nibbler

  • Guest
Re: Safe Mode Restriction in Effect
« Reply #12 on: April 01, 2005, 06:08:15 pm »

It can go anywhere that is valid php syntax -  exact positioning is not important, the default location is here:

Code: [Select]
<?php
// Coppermine configuration file

define('SILLY_SAFE_MODE'1);


// MySQL configuration
$CONFIG['dbserver'] =                         'localhost';        // Your databaseserver
$CONFIG['dbuser'] =                         'root';        // Your mysql username
$CONFIG['dbpass'] =                         '';                // Your mysql password
$CONFIG['dbname'] =                         'coppermine';        // Your mysql database name


// MySQL TABLE NAMES PREFIX
$CONFIG['TABLE_PREFIX'] =                'cpg132_';
?>
Logged

normal

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
    • Normal Design
Re: Safe Mode Restriction in Effect
« Reply #13 on: April 02, 2005, 04:49:18 pm »

Thanks for that, Nibbler.

I pasted it up exactly as you show, however I am still getting:

"Critical Error:  Script called without the required parameter(s). "

What can I do about this?

- David
Logged

normal

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
    • Normal Design
Re: Safe Mode Restriction in Effect
« Reply #14 on: April 02, 2005, 05:05:03 pm »

Well, now its working without adding the "Silly Safe Mode" code.  Why it was not working previously, and now is I do not know.

Perhaps, I'm missing something, but is the above command actually just telling the PHP safety mode that it is being silly?

- David
Logged

globalisation

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Safe Mode Restriction in Effect
« Reply #15 on: October 06, 2005, 09:05:09 am »

hello. I have resolved my problem to about the safe mode.
I had to include the silly safe mode function in the upload.php file and the picmgmt.inc file to . and the config.inc.php file
thank you all for the support
Logged

vici

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 38
Re: Safe Mode Restriction in Effect
« Reply #16 on: January 11, 2006, 08:53:32 pm »

hello. I have resolved my problem to about the safe mode.
I had to include the silly safe mode function in the upload.php file and the picmgmt.inc file to . and the config.inc.php file
thank you all for the support
thanks hun
you really made my day  :-*
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Safe Mode Restriction in Effect
« Reply #17 on: January 11, 2006, 10:04:16 pm »

I had to include the silly safe mode function in the upload.php file and the picmgmt.inc file to . and the config.inc.php file
that's just wrong. Locking this thread to avoid individual requests cluttering this sticky thread even more. *sigh*
Logged
Pages: [1]   Go Up
 

Page created in 0.034 seconds with 19 queries.