ID:               42077
 Updated by:       [EMAIL PROTECTED]
 Reported By:      spam2 at rhsoft dot net
-Status:           Bogus
+Status:           Assigned
 Bug Type:         Session related
 Operating System: Linux
 PHP Version:      5CVS-2007-07-23 (snap)
-Assigned To:      
+Assigned To:      stas
 New Comment:

Re-opening and assign to Stas who has something cooking up for this.


Previous Comments:
------------------------------------------------------------------------

[2007-07-23 09:12:07] [EMAIL PROTECTED]

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3378 for why.

------------------------------------------------------------------------

[2007-07-23 08:00:31] spam2 at rhsoft dot net

Description:
------------
The Session-Save-Dir MUST NOT be in open_basedir because scripts must
not read session files for security!

And a failed session_start() have not to be fatal error too


Warning: session_start() [function.session-start.php]: open_basedir
restriction in effect. File(/var/www/sessiondata) is not within the
allowed path(s):
(/mnt/data/www/www.rhsoft.net:/mnt/data/www/phpincludes:/usr/share/pear:/var/www/uploadtemp)
in /mnt/data/www/www.rhsoft.net/test.php on line 2

Fatal error: session_start() [<a
href='http://at.php.net/manual/de/function.session-start.php'>function.session-start.php</a>]:
Failed to initialize storage module: files (path:
/var/www/sessiondata)
in /mnt/data/www/www.rhsoft.net/test.php on line 2

Reproduce code:
---------------
<?php
 session_start();
?>

Expected result:
----------------
A started session

Actual result:
--------------
A killed script


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=42077&edit=1

Reply via email to