Warning message since upgrade to beta version

accampbell
Regular
Posts: 138
Joined: Fri Jun 09, 2006 8:59 pm
Location: London, UK

Warning message since upgrade to beta version

Post by accampbell »

Since upgrading to the beta version I get the following message when saving a post:

Warning: event_hook(): SAFE MODE Restriction in effect. The script whose uid is 2669 is not allowed to access /usr/share/php/XML/RPC.php owned by uid 0 in /users/a/acampbell/website/serendipity/plugins/serendipity_event_weblogping/serendipity_event_weblogping.php on line 150

Any way to prevent this?
Anthony Campbell
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Re: Warning message since upgrade to beta version

Post by garvinhicking »

Hi!

Serendipity tries to include PEAR modules from the server's "include_path" setting.

Please ask your hosting provider to change the PHP setup so that either safe mode is deactivated, or properly set up. A proper setup requires the "include_path" setting not to point to directories that you have no permission to.

HTH and best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Post by accampbell »

Is this something new in the beta version? Should I revert to the previous version or does it not matter?
Anthony Campbell

Post by garvinhicking »

Hi!

Yes, this is a new feature of Serendipity 1.1.

You can revert, but then you will never be able to upgrade to Serendipity 1.1. You should better ask your server admin to properly set up the PHP environment. Putting a directory into your include_path that you have no access to is not very good.

Serendipity honours local PEAR installations to better help server admins in maintaining central scripts.

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Post by accampbell »

OK, I'll try and see what happens.
Anthony Campbell

Follow-up after contacting ISP

Post by accampbell »

My ISP admin is not willing to modify the php setup on grounds of security.

I have therefore commented out the relevant lines in serendipity_event_weblogping, which eliminates the error message. I presume this will not have any adverse effects?
Anthony Campbell

Re: Follow-up after contacting ISP

Post by garvinhicking »

Hi!

What kind of ISP is that? He has set up your PHP ****WRONG***. It includes settings that are NOT WORKABLE in your case and only makes PEAR inclusion fail.

You should move to a different ISP, if that one is incompetent. I'm sorry.

If you uncomment the lines, of course the ping plugin will not work. Other plugins that rely on PEAR (spartacus, simplecache) might not work either.

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Post by accampbell »

Changing ISP is not really an option, since I've just moved after a lot of trouble and this is one of the few linux-specific ISPs in the UK. My previous one didn't allow me to use Serendipity at all.

I'm being caught in the cross-fire here. My ISP admin says:

==========================================
The problem here is that the writers of Serendipity think their
application is more important than host security and utility for other
users and it is not.

Safe mode is not being removed and PHP is configured to include the Pear
libraries read only. If the configuration seeks to read them properly it
would work.
==============================================

I presume some of the things at least in the relevant plugin are still working. Could I revert to the previous version of the plugin?
Anthony Campbell

Post by garvinhicking »

Hi!
> I'm being caught in the cross-fire here. My ISP admin says:

I'm sorry that you are caught here.

We are not requesting to deactivate SafeMode!

Let me put this situation in plain sight for your ISP, and feel free to forward it to them:

Serendipity gives preference to the 'include_path' setting that is configured in the PHP.ini / VHost.

When Serendipity tries to include a plugin that relies on PEAR, it will first try to include the file from the configured 'include_path'. Only if PEAR was not found in that path does it advance to the end of the 'include_path' setting, where the current Serendipity path has been configured.

That means, only if the PHP configuration advocates that PEAR is installed and usable, Serendipity will rely on that and use the hoster configured PEAR library. This actually enforces a hosting provider's security because natively installed PEAR will take precedence.

Your current configuration advocates that PEAR is installed in /usr/local/lib. However you cannot access that installation because of SafeMode.

Now, if some files are installed but should not be made available, why advocate them in include_path? The obvious reason for your ISP is to REMOVE the /usr/local/lib path from PHP's include_path setting, as you as a customer are not able to access that path.

The other option is of course to grant access for PHP to /usr/local/lib's PEAR, which would make the most sense of all.

This is all a matter of a wrongly configured include_path in conjunction with SafeMode. Neither SafeMode nor include_path itself are what we want to change. It's just that the combination of both in your current setup is useless and leads to the errors stated by you. :-)

I'm sorry for maybe sounding rude, this is usually not my style. But I feel offended if someone accuses an application of misbehaving when in fact it is the configuration that is misbehaving. ;)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
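
The lookup order described in the post above, as an added diagnostic sketch (not Serendipity code and not written by anyone in this thread): it walks include_path in order and models safe mode's owner check at the first entry where the file exists, which is where the include is decided. The function name audit_include_path is hypothetical; uid 2669 and the path .:/usr/share/php are taken from this thread. It is meant for an admin to run from the command line with safe mode off, because safe mode also restricts file_exists() and fileowner(); safe_mode_gid is not modelled.

```php
<?php
// Added diagnostic, not part of Serendipity. Written without type hints or
// short array syntax so it also runs on the old PHP versions that had safe mode.
function audit_include_path($relative, $includePath = null, $scriptUid = null)
{
    if ($includePath === null) {
        $includePath = get_include_path();
    }
    if ($scriptUid === null) {
        $scriptUid = getmyuid(); // owner uid of the running script
    }
    // safe_mode_include_dir lists path prefixes exempt from the UID check.
    // The directive only exists on PHP < 5.4; elsewhere ini_get() returns false.
    $exempt = array_filter(explode(PATH_SEPARATOR, (string) ini_get('safe_mode_include_dir')));

    $report = array();
    foreach (explode(PATH_SEPARATOR, $includePath) as $dir) {
        if ($dir === '') {
            continue;
        }
        $file = rtrim($dir, '/') . '/' . $relative;
        if (!file_exists($file)) {
            $report[] = array($dir, 'not found, lookup moves on to the next entry');
            continue;
        }
        $owner  = fileowner($file);
        $real   = (string) realpath($file);
        $bypass = false;
        foreach ($exempt as $prefix) {
            if (strpos($real, $prefix) === 0) {
                $bypass = true;
            }
        }
        if ($owner === $scriptUid || $bypass) {
            $report[] = array($dir, "found, owner uid $owner: include succeeds");
        } else {
            $report[] = array($dir, "found, owner uid $owner, script uid $scriptUid: safe mode refuses");
        }
        break; // modelled behaviour: the first existing file decides the include
    }
    return $report;
}

// Values from this thread: include_path from phpinfo(), uid from the warning.
foreach (audit_include_path('XML/RPC.php', '.:/usr/share/php', 2669) as $row) {
    printf("%-20s %s\n", $row[0], $row[1]);
}
```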

Post by accampbell »

Thanks; all this is well beyond my very basic understanding of php. I will forward your comments to Jason as you suggest.
Anthony Campbell
judebert
Regular
Posts: 2478
Joined: Sat Oct 15, 2005 6:57 am
Location: Orlando, FL

Post by judebert »

I understand your problem; I wish it was easier to sort this stuff out. Garvin's usually very mild, but I understand his reaction. That sysop needs to be kicked, very hard. His response was utterly rude.

And what Garvin said was absolutely correct. Serendipity doesn't need to overwrite safe_mode, although some of its convenience functions (like SPARTACUS) don't work without it. In fact, far from thinking "their application is more important than host security", Garvin is actually forcing Serendipity to follow the host configuration. They just goofed up their config by specifying a path to PHP modules that's invalid in safe_mode.

I hate to even consider catering to these people, but... Garvin, could we add a configuration option to force using the bundled libraries? It would sure make things a lot easier for accampbell and other folks caught by incompetent hosting services.
Judebert

Post by garvinhicking »

Hi Judebert!
> I hate to even consider catering to these people, but... Garvin, could we add a configuration option to force using the bundled libraries? It would sure make things a lot easier for accampbell and other folks caught by incompetent hosting services.

Sure, it's already in. Just set $serendipity['use_PEAR'] = false in serendipity_config.inc.php or serendipity_config_local.inc.php. I actually forgot about this, because this should really be the last resort. :)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
WebReiter
Regular
Posts: 23
Joined: Sun Sep 03, 2006 2:35 pm
Location: Jülich, Germany

Post by WebReiter »

Hello,

I have the same problem as accampbell. But I don't know a lot about server configuration.

For dummies: in the phpinfo() is

include_path	.:/usr/share/php	.:/usr/share/php

Do you mean to remove .:/usr/share/php from include_path?

Best Regards

Post by garvinhicking »

Hi!

Exactly, this path needs to be removed from the include_path setting. Usually only the admin with access to the httpd.conf or php.ini can do that.

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Post by WebReiter »

Thanks, it works now.