Question Safe mode or base dir problem

[trafficmedia]

Hello,

The new version (BETA) of VBOptimise CDN can't be run in safe mode or if base dir on.
Warning: curl_setopt_array() [function.curl-setopt-array]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in [path]/vboptimise/cdn/amazon_s3/cdn.php on line 100

Please look at: http://www.edmondscommerce.co.uk/curl/php-curl-curlopt_followlocation-and-open_basedir-or-safe-mode/
Another source: http://antczak.org/2009/12/curl-rozwiazanie-problemu-z-curlopt_followlocation/

Best regards,
T

 

[Fillip H.]

Perhaps this would have been better suited as a Bug rather than a Question, I don't see any questions in your post

 

[trafficmedia]

Ok, so sorry - please change to a bug.

Best regards,
T

 

[Fillip H.]

We can't change the category, there's different questions and answers that are required for each category.

In any case, I'll see about getting this fixed
In the meantime, is there a particular reason you are running with safe mode / open basedir? They really don't provide any noticeable security improvements from my experiences, I personally have access to a PHP Shell script that is completely unaffected by either of those methods, so long as it has been uploaded to a directory that is CHMOD writable (such as the vbulletin_css folder, the sitemap folder or any of vBSEO's data writing folders.)

 

[trafficmedia]

We can't change the category, there's different questions and answers that are required for each category.

In any case, I'll see about getting this fixed
In the meantime, is there a particular reason you are running with safe mode / open basedir? They really don't provide any noticeable security improvements from my experiences, I personally have access to a PHP Shell script that is completely unaffected by either of those methods, so long as it has been uploaded to a directory that is CHMOD writable (such as the vbulletin_css folder, the sitemap folder or any of vBSEO's data writing folders.)

Hello,

I start using safe_mode and open_base_dir 3 month ago, after hacked (shell r57 in vboptimise folder) - It is very seorius for me and other your clients.

 

[Fillip H.]

The only shell I know about is the c99 one, and that works in safe mode and with open_basedir on.

The steps you should take to ensure your security without compromising functionality is:
* Ensure only your absolutely trusted admins have Can Administer Products - this permission can be used to upload the shell script.
* Ensure no scripts that can upload files write inside the /www or /public_html folders. This would be a major security issue on many levels.

open_basedir and Safe Mode won't protect you from uploads to writable folders.

 

[trafficmedia]

The only shell I know about is the c99 one, and that works in safe mode and with open_basedir on.

The steps you should take to ensure your security without compromising functionality is:
* Ensure only your absolutely trusted admins have Can Administer Products - this permission can be used to upload the shell script.
* Ensure no scripts that can upload files write inside the /www or /public_html folders. This would be a major security issue on many levels.

open_basedir and Safe Mode won't protect you from uploads to writable folders.

Yes, of course your tips are used by us from long time ago.

Safe mode in PHP> = 5.3 has been deprecated, so safe_mode feature is disabled. But basedir must be enabled (for security reasons).
Please look at our phpinfo: http://precyl.pl/iixx1.php

 

[trafficmedia]

Any solutions?

 

[Cosmic]

Could you let us know which CDN you are using? After a quick browse I have discovered some CDNs will not work with open_basedir enabled.

 

[trafficmedia]

Warning: curl_setopt_array() [function.curl-setopt-array]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in [path]/vboptimise/cdn/amazon_s3/cdn.php on line 100

amazon s3, this can be problematic for many customers.

 

[Cosmic]

amazon s3, this can be problematic for many customers.

Unfortunately if the CDN itself is the issue, it's not likely to be something we can fix - equally we cannot guarantee it will work with every server configuration, so if you absolutely *must* have a non-standard server config like open_basedir turned on then you may be unable to use that feature.

Fillip H. and David will look into it to see if they can find a solution though. Failing that you will have to choose between the CDN and open_basedir.

Cosmic