The problem with that request is that in order to turn on a setting like that - you would have to be able to log into the site.

The only thing that could prevent login like that would be a plugin. If you could log into your server with something like SSH or manipulate files via SFTP - you could do some directory swapping and achieve what you're asking for.

The only plugin you need to log into your site is the Authentication - Joomla plugin. That means you could (temporarily) move every directory (except the authentication directory) out of the plugins directory to somewhere else. When Joomla can't find a plugin - it just doesn't load it. It's a silent operation.

If it turns out that the cause of your issue is an authentication plugin, you could further move (again, temporarily) all of the directories out of /plugins/authentication EXCEPT the joomla directory. You would have, at that point, no plugins running except the Authentication - Joomla plugin.

Yes you would need to login, but you could have something like a checkmark or special login page to enable this function before loading the backend. I mean just like in a desktop operating system - there you need to login too. I don't mean only plugins but also extensions.
Another approach would be to add an underscore in front of each 3rd party folder to temporary disable it. Then you don't have to move directories...

Nice idea, many times i go to phpmyadmin to disable extensions (switching enabled value from 1 to 0) to see if all is ok. Maybe we need a particular custom backend url that let the core loads only "core plugin, module and extension", ignoring all others "enabled" extensions.

The only safe and secure method I can think of to enable such a mode would be similar to the root user option that can be added temporarily to the global config file

This again requires a tracking functionality with a list of core extensions and IMO there is still no need to introduce this type of list.

Really? But we know what core is, no?

We do when working from this repository. An installed site has no knowledge of what is core and what is third party, and there really is no need for there to be this awareness.

Uhm... so "padlock =! core extensions"?

It could be a lifesaver for a lot of siteowners when for example accidently upgrading Joomla with outdated extensions that break the backend. Then they could start in safemode, disable it, start in normal mode, update the stuff and be fine. Otherwise they have to go through a whole restoration process.

No, "padlock is not core extensions". That padlock indicates an extension is protected, basically meaning an extension cannot be disabled or uninstalled.

Even if you could boot into a safe mode, it would only be reliable for the backend. The frontend would be terribly screwed over because that is going to be very coupled to the chosen template and a safe mode would disable that.

An extension can (and many do) set the padlock

I actually think this is a good idea, all we need is a list of all core extensions, modules and plugins. Disable all which are none core when entering safe mode. Once finished you can click disable Debug mode which enables all which were disabled. Any which no longer exist are skipped.

Disable safe mode* sorry was reading something else at the same time.

This? https://github.com/joomla/joomla-cms/blob/staging/libraries/src/Extension/ExtensionHelper.php#L30

And reggarding locked extensions see this PR #17219

This is not going to be possible. Well it is possible but it wont achieve what you are looking to achieve.

Let me give a simple example of why "safe mode" will actually kill your site instead of helping you to debug it.

I have a site that uses a non core authorisation plugin. I start in safe mode so that only core extensions are used (if they are enabled) and now I can not log in at all to even see what the issue was that I was trying to fix.

That's just a really simple example of why this can never work