Bug #17161: rmdir() bypasses safe_mode

Sun, 12 May 2002 07:12:58 -0700 

From:             [EMAIL PROTECTED]
Operating system: Linux 2.4.18
PHP version:      4.2.0
PHP Bug Type:     Scripting Engine problem
Bug description:  rmdir() bypasses safe_mode

rmdir() function can be used to delete directories that a user should be
able to delete under safe_mode.

Ex.

mkdir test
chmod 777 test
(gid: user pid: user)

test.php (gid: www pid: www)
<?php rmdir('test'); ?> 

works!
-- 
Edit bug report at http://bugs.php.net/?id=17161&edit=1
-- 
Fixed in CVS:        http://bugs.php.net/fix.php?id=17161&r=fixedcvs
Fixed in release:    http://bugs.php.net/fix.php?id=17161&r=alreadyfixed
Need backtrace:      http://bugs.php.net/fix.php?id=17161&r=needtrace
Try newer version:   http://bugs.php.net/fix.php?id=17161&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=17161&r=support
Expected behavior:   http://bugs.php.net/fix.php?id=17161&r=notwrong
Not enough info:     http://bugs.php.net/fix.php?id=17161&r=notenoughinfo
Submitted twice:     http://bugs.php.net/fix.php?id=17161&r=submittedtwice
register_globals:    http://bugs.php.net/fix.php?id=17161&r=globals

Reply via email to