Making PHP secure?

They have: 453 posts

Joined: Jan 1999

Hi,

Is there any way to make PHP secure?

If I have a server with x virtual hosts
and apache runs as nobody, all PHPs have "nobody"-rights.

So every client can access every other client's files,
including config files which might include DB passwords.

I twisted my brain the last two hours, but can't find a solution.

Well, there is one, but running one Apache per domain is not exactly what I want.

any help ??????

ciao
Anti

They have: 453 posts

Joined: Jan 1999

Just in case you didn't understand the question.

Put this on your webserver and retrieve it via HTTP (with PHP enabled).

code:

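<html>
	<body>
		<?php
			// Return the r/w/x bits that apply to this process for $file:
			// the owner bits if we own the file, otherwise the "other" bits
			// (group bits are not considered).
			function myPerms( $file ){
				$perms = fileperms( $file );
				$owner = fileowner( $file );
				// getmyuid() returns the owner of this script, not the user the
				// server runs as, so use the effective UID when it is available.
				$uid = function_exists( "posix_geteuid" ) ? posix_geteuid( ) : getmyuid( );
				$myP[ "r" ] = 0;
				$myP[ "w" ] = 0;
				$myP[ "x" ] = 0;
				if( $uid == $owner ){
					$myP[ "r" ] = ( $perms & 00400 ) ? 1 : 0;
					$myP[ "w" ] = ( $perms & 00200 ) ? 1 : 0;
					$myP[ "x" ] = ( $perms & 00100 ) ? 1 : 0;
				}else{
					$myP[ "r" ] = ( $perms & 00004 ) ? 1 : 0;
					$myP[ "w" ] = ( $perms & 00002 ) ? 1 : 0;
					$myP[ "x" ] = ( $perms & 00001 ) ? 1 : 0;
				}
				$myP[ "txt" ] = ( $myP[ "r" ] ? "r" : "-" ).( $myP[ "w" ] ? "w" : "-" ).( $myP[ "x" ] ? "x" : "-" );
				return( $myP );
			}
			// Recursively print every entry below $dir that is readable and executable.
			function ls( $dir = "/", $lvl = 0 ){
				$hdir = @opendir( $dir );
				if( $hdir === false ){
					return;
				}
				// Compare against false so an entry named "0" does not end the loop.
				while( ( $file = readdir( $hdir ) ) !== false ){
					if( $file == "." || $file == ".." ){
						continue;
					}
					$myP = myPerms( $dir."/".$file );
					if( $myP[ "r" ]==1 AND $myP[ "x" ]==1 ){
						for( $l=0; $l<$lvl; $l++ ){
							print "--&gt;";
						}
						// Escape the name so odd file names cannot break the HTML.
						print "(".$myP[ "txt" ].")".htmlspecialchars( $file )."<br>";
						// Do not follow symlinks, they can lead into endless loops.
						if( is_dir( $dir."/".$file ) AND !is_link( $dir."/".$file ) ){
							ls( $dir."/".$file, $lvl+1 );
						}
					}
				}
				closedir( $hdir );
			}
			ls(  );
		?>
	</body>
</html>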
[/code] 

They have: 453 posts

Joined: Jan 1999

Yes,

but by this I would lose the persistency.
Right?

And most of the hosts don't have cgiwrap anyway.

I think there should be an option in PHP to honor the suid-bit on php files.
