I've got a sticky question in my mind: safe_mode has been removed in PHP 5.4, so what is the security in this removal?
Does it mean that any application can execute any program?
What technique is used for this purpose to prevent such violent actions?
This article will explain to you why safe_mode has never made a single bit of sense and only provides you a false sense of security.
safe_mode was trying to solve a security problem with the wrong tool. Since shared webhosts often host thousands of websites on one server, safe_mode was a convenient (and entirely inappropriate) method to restrict the damage one could do with PHP.
It was an illusion more than anything else. Though PHP may have been protected with safe_mode, what about other languages like Python and Ruby? The proper method is to use default Linux file permissions and modules like suPHP which run PHP as restricted users.
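The isolation this answer recommends rests on file ownership and the "other" permission bits, which can be audited per site. The following is an added example, not part of the original answer: the function name `audit_site`, the one-Unix-user-per-site layout and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit one tenant's document root on a shared host.
# Assumption: each site runs PHP as its own Unix user (for example via suPHP),
# so isolation between tenants depends on ownership and the "other" mode bits,
# and it applies equally to PHP, Python or Ruby code.

# audit_site ROOT OWNER   (OWNER may be a user name or a numeric UID)
# Prints one finding per line:
#   OTHER <path>  any r/w/x bit set for users outside the owner and group
#   OWNER <path>  path not owned by the site's user
# Returns 0 when the tree is clean, 1 when there are findings.
audit_site() {
    root=$1
    owner=$2
    findings=$(
        # Symlink mode bits are always 777 and carry no meaning, so skip them.
        find "$root" ! -type l \
            \( -perm -001 -o -perm -002 -o -perm -004 \) -print |
            sed 's/^/OTHER /'
        find "$root" ! -user "$owner" -print | sed 's/^/OWNER /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree: config.php is left world-readable (mode 644),
# so a PHP process running as any other tenant could read it.
demo_root=$(mktemp -d)
chmod 750 "$demo_root"
printf '<?php // constructed sample\n' > "$demo_root/index.php"
printf '<?php // constructed sample secret\n' > "$demo_root/config.php"
chmod 640 "$demo_root/index.php"
chmod 644 "$demo_root/config.php"
audit_site "$demo_root" "$(id -u)" || echo "isolation gaps found"
rm -rf "$demo_root"
```

With mode 750 on directories and 640 on files, the web server needs to reach the site through the group, or PHP has to run as the site's own user.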
Source: https://stackoverflow.com/questions/9763531/where-is-the-security-in-php-5-4-by-removing-safe-mode