ID: 15928
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Feedback
+Status: Open
Bug Type: PHP options/info functions
Operating System: AIX
PHP Version: 4.1.2
New Comment:
Sorry, since we were running php 4.1.1 still yesterday
I was not aware that Sander meant that the bug was
fixed in CVS. Since you announced the new release
for tomorrow, I'll wait and try it out.
Thanks Roberto
Previous Comments:
------------------------------------------------------------------------
[2002-03-19 03:07:13] [EMAIL PROTECTED]
I think Sander meant it's fixed in CVS. Can you try a snapshot from
snaps.php.net, or wait for 4.2.0RC1, which will be rolled tomorrow?
Derick
------------------------------------------------------------------------
[2002-03-19 03:04:45] [EMAIL PROTECTED]
Sorry, but in fact the bug still persists in php 4.1.2
a php script owned by uid=xxx is able to upload
files to a directory owned by uid=yyy in safe_mode.
Please reopen this bug.
------------------------------------------------------------------------
[2002-03-17 12:35:33] [EMAIL PROTECTED]
This is already implemented.
------------------------------------------------------------------------
[2002-03-07 06:15:09] [EMAIL PROTECTED]
Security issue in move_uploaded_file() while in safe-mode
We have different web-sites running on our server. Each of them
may prepare a directory in which files may be written using php-upload
and move_uploaded_file(). Our webserver runs with
safe-mode-restriction.
The documentations says, as mentioned, that this is not unsafe.
Note: move_uploaded_file() is not affected by the normal
safe-mode UID-restrictions. This is not unsafe
because
move_uploaded_file() only operates on files
uploaded via PHP.
In fact, it is. If I know a directory of another website which
allows to upload files via php, I'll be able to write a file to this
location,
offering an upload-script on my website. I could on this way put
offending files in someone elses website, who probably protectet his
php-upload-script with .htaccess.
I would suggest that move_uploaded_file() should be modified that
way, that files may only be moved to directories whose owner is the
same as the upload-script while safe-mode restriction applies.
This approach would guarantee that nobody else as the people who
offers an upload-script will be able to put files in the owners
webspace.
After such a modification move_uploaded_file() will be really safe. At
present, it's not. It allows to skip safe-mode-restriction.
Kind regards and thanks for any feedback
Roberto
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=15928&edit=1
