From: [EMAIL PROTECTED]
Operating system: Linux - Redhat 7.3
PHP version: 4.3.0-pre1
PHP Bug Type: Unknown/Other Function
Bug description: safe_mode_include_dir not being used correctly
This is possibly related to Bug #17858.
We've got Apache2 on Redhat 7.3, with safemode in php enabled. We
have safe_mode_gid set to on as well. The safe_mode include directory is
set as follows:
safe_mode_include_dir = "/home/staff/ryan/WWW"
I've then got the test script:
<?php
if ($dir = opendir("/home/staff/ryan/WWW"))
{while (($file = readdir($dir)) !== false) {
echo "$file\n";
}
closedir($dir);
} else {
echo "FAILED";
}
?>
That script has the following ownership permissions:
-rw-r--r-- 1 web nobody 229 Oct 24 15:31 test2.php
And /home/staff/ryan/WWW is:
drwxr-xr-x 5 ryan staff 4096 Oct 21 17:30 WWW
Calling the script displays "FAILED" on the browser and causes the
two following errors in the error log:
PHP Warning: opendir() [<a
href='http://www.php.net/function.opendir'>function.opendir</a>]: SAFE
MODE Restriction in effect. The script whose uid/gid is 89/99 is not
allowed to access /home/staff/ryan/WWW/ owned by uid/gid 270/110 in
/home/www/DOCS/phptest/test2.php on line 3
PHP Warning: opendir(/home/staff/ryan/WWW/) [<a
href='http://www.php.net/function.opendir'>function.opendir</a>]: failed
to open dir: Inappropriate ioctl for device in
/home/www/DOCS/phptest/test2.php on line 3
Changing the ownership permissions to the same user and/or group
causes the script to execute fine, displaying the contents with no
problems or errors.
It would appear that the safe_mode_include_dir value is not being
used, but I'm also open to the suggesion that I've stuffed up somewhere
else.
For the record, I originally started having problems with 4.2.2
(user and group returned as -1) this was fixed upgrading to 4.3.0-pre1,
but then the include_dir still had problems. I've tested it with today's
snapshot (php4-200210232100) and still have the same problem.
My config options looks like :
./configure --with-mysql=/usr/local/mysql --with-openssl --with-xml
--enable-track-vars --enable-force-cgi-redirect --enable-versioning
--with-apxs2=/usr/local/httpd/bin/apxs --with-zlib --enable-ftp
--enable-sockets --with-gettext --with-imap=/usr/local/imap
--with-imap-ssl
Ummm, help?
Cheers,
Ryan.
--
Edit bug report at http://bugs.php.net/?id=20054&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=20054&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=20054&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=20054&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=20054&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=20054&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=20054&r=support
Expected behavior: http://bugs.php.net/fix.php?id=20054&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=20054&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=20054&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=20054&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20054&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=20054&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=20054&r=isapi
