Bug #17157: fopen can bypass safe_mode

Sat, 11 May 2002 12:34:08 -0700 

From:             [EMAIL PROTECTED]
Operating system: Linux 2.4.18
PHP version:      4.2.0
PHP Bug Type:     Scripting Engine problem
Bug description:  fopen can bypass safe_mode

If a readfile() function is passed 3rd parameter, which normally indicated
that the file should be opened from the "include_path", it can by pass
safe_mode limitations.

ex.

<?php
fpassthru(fopen("/etc/passwd", "r", 1));
?>
-- 
Edit bug report at http://bugs.php.net/?id=17157&edit=1
-- 
Fixed in CVS:        http://bugs.php.net/fix.php?id=17157&r=fixedcvs
Fixed in release:    http://bugs.php.net/fix.php?id=17157&r=alreadyfixed
Need backtrace:      http://bugs.php.net/fix.php?id=17157&r=needtrace
Try newer version:   http://bugs.php.net/fix.php?id=17157&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=17157&r=support
Expected behavior:   http://bugs.php.net/fix.php?id=17157&r=notwrong
Not enough info:     http://bugs.php.net/fix.php?id=17157&r=notenoughinfo
Submitted twice:     http://bugs.php.net/fix.php?id=17157&r=submittedtwice
register_globals:    http://bugs.php.net/fix.php?id=17157&r=globals

Reply via email to