Safe Mode is deprecated as of 5.3.0. I have never really required it and rather found it problematic many times in the past due to permission errors, etc.
However I now have a requirement where I think safe mode would have done great.
I have built a web application which is extensible via modules. I plan on hosting the system myself and allowing paying customers to extend their software by implementing and writing modules which hook into the various parts of the system.
My concern is, by doing so, I have no way of ensuring the code they uploaded is not scanning the foundation/framework I have spent literally years designing and testing. Keeping the code proprietary is of great interest to me.
I write a module analysis tool to ensure no illegal methods are being invoked in third-party modules - not easy!!!
I disable harmful functions at the php.ini level, but this includes fopen() and its ilk - this means the framework won't be able to call its own include() operations and such.
Lastly and sadly obsolete, safe mode to restrict user modules from being able to read files which do not share the same ID, group, etc.
What is the recommended approach to such a thing? Short of manually reviewing or auto-analysing each module before being executed in the context of my framework?
Instead of safe mode, you can use php-fpm with chroot, per-user permissions in mod_ruid and php-fpm, and opendir restriction in php. This way, you can make it much more strict than safe mode ever could.
Personally, I would recommend php-fpm with chroot and disabling system functions like exec and system. Those are evil anyway.
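One way to check that every customer's php-fpm pool actually carries the settings recommended in this answer (an added example, not code from the thread). The pool names and paths are constructed, and it assumes the "opendir restriction" refers to PHP's `open_basedir` directive.

```python
import configparser

# Constructed sample pool file; pool names and paths are hypothetical.
SAMPLE_POOLS = """
[customer_a]
user = customer_a
group = customer_a
listen = /run/php-fpm/customer_a.sock
chroot = /srv/customers/customer_a
; paths below are resolved inside the chroot
php_admin_value[open_basedir] = /htdocs:/tmp
php_admin_value[disable_functions] = exec,system,passthru,shell_exec,proc_open,popen

[customer_b]
user = www-data
listen = /run/php-fpm/customer_b.sock
php_admin_value[disable_functions] = exec
"""

REQUIRED_DISABLED = {"exec", "system"}  # the two functions named in the answer


def audit_pools(text):
    """Return {pool: [findings]}; an empty list means the pool passes."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    users = [cp[p].get("user", "") for p in cp.sections()]
    report = {}
    for pool in cp.sections():
        s, findings = cp[pool], []
        if not s.get("chroot"):
            findings.append("no chroot")
        user = s.get("user", "")
        if not user or user == "root" or users.count(user) > 1:
            findings.append("user missing, root, or shared with another pool")
        if not s.get("php_admin_value[open_basedir]"):
            findings.append("open_basedir not locked with php_admin_value")
        disabled = {f.strip() for f in
                    s.get("php_admin_value[disable_functions]", "").split(",")}
        missing = REQUIRED_DISABLED - disabled
        if missing:
            findings.append("not disabled: " + ", ".join(sorted(missing)))
        report[pool] = findings
    return report


if __name__ == "__main__":
    for pool, findings in audit_pools(SAMPLE_POOLS).items():
        print(pool, "OK" if not findings else findings)
```

Settings given as `php_admin_value[...]` in a pool cannot be overridden from user code with `ini_set()`, which is why the audit looks for that form rather than `php_value[...]`.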