SAFE_MODE in PHP

Anon

I've been trying to construct a Web Hosting site using SAFE_MODE and "open_basedir ." to avoid the code from one client to access files from another (each client has a diferent directory). PHP 4.0 promises to check SAFE_MODE in whatever disk access operation, but I've found it only works with these functions:
fopen, readfile, dir, file, touch, popen
and not with:
mkdir, rmdir, link, unlink, copy,
so anyone can unlink files from another or copy one file to another location.

Does anyone know how can I get these functions work checking SAFE_MODE?

And It has been impossible to make disable_functions work, son anoybody knows the exact sintaxis for this function?

PHP version is 4.02 php-4.0.1pl2.

Anon

Hello Rafael,

I have some questions for you. First is to know where did you find 'open_basedir'. I guess it should be in your 'php.ini' file, but I have been looking for it but I didn't find it.

Second question: Did you already have a solution to your problem...? I you do, please share your ideas here to get a better approach.

Thanks in advance and best regards from Spain.

Toni

Anon

Hi everybody;
Finally I had to rewrite the original code of PHP to introduce SAFE_MODE and open_basedir in some functions that did not implement this. I have changed the name of these functions into a personal structure.
Finally, I have prepended a file with the functions overwritten referring open_basedir carefully to maintain security restrictions, calling opendir functions first, and if the test goes well (no restrictions), I call the original functions.

It is the unique soluctions I have found to this lack of security, getting profit from SAFE_MODE.

I think this is a work to do in future versions,

I hope this could help anyone,
Rafa.