The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.
Warning : Safe Mode was removed in PHP 6.0.0.
Security and Safe Mode Configuration Directives
Name Default Changeable Changelog
safe_mode "0" PHP_INI_SYSTEM
safe_mode_gid "0" PHP_INI_SYSTEM Available since PHP 4.1.0.
safe_mode_include_dir NULL PHP_INI_SYSTEM Available since PHP 4.1.0.
safe_mode_exec_dir "" PHP_INI_SYSTEM
safe_mode_allowed_env_vars "PHP_" PHP_INI_SYSTEM
safe_mode_protected_env_vars "LD_LIBRARY_PATH" PHP_INI_SYSTEM
open_basedir NULL PHP_INI_SYSTEM
disable_functions "" php.ini only Available since PHP 4.0.1.
disable_classes "" php.ini only Available since PHP 4.3.2.
Note: When safe mode is enabled, you can only execute executables within the safe_mode_exec_dir.
There are a number of variables in php.ini related to the security of your PHP installation. The most interesting of these is the safe_mode variable, recommended for ISPs and shared-hosting services as it limits the things a user can do with PHP:
safe_mode = Off
With safe mode turned on, you can specify which directories are searched for files with the safe_mode_include_dir variable. You can also restrict the types of programs a PHP script can run with the exec() command by placing the program binaries in a special directory and telling PHP about it via the safe_mode_include_dir variable. Only binaries in this directory will be accessible via exec():
safe_mode_include_dir = /usr/local/lib/php/safe-include
safe_mode_exec_dir = /usr/local/lib/php/safe-bin
