#20314 [Opn->Bgs]: Varying open_basedir handling

Fri, 08 Nov 2002 10:04:47 -0800 

 ID:               20314
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Bogus
 Bug Type:         *Directory/Filesystem functions
 Operating System: Solaris 7
 PHP Version:      4.2.3
 New Comment:

Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. Because of this, we hope you add your comments
to the original bug instead.

Thank you for your interest in PHP.


Previous Comments:
------------------------------------------------------------------------

[2002-11-08 11:07:52] [EMAIL PROTECTED]

Some basic data in advance:
All our servers run PHP 4.2.3 / Apache 1.3.27 / Solaris 7

Despite the fact that since 4.2.3 (at least that's when we discovered
it) an empty open_basedir (according to the manual access should not be
restricted at all that way) will randomly (maybe 5% of all requests)
lead to "open_basedir restriction in effect in line 0" meaning that the
script itself failed to open we discovered another strange effect of
open_basedir:

There are 2 virtual hosts: 1 parsing .php and 1 parsing .html for
php-code.
Both their open_basedir is set to the corresponding webserver-root plus
the additional directories "/tmp" and "/var/tmp".
On the first one (parsing .html) include("./test.txt") or even
include("test.txt") will not work (open_basedir restriction) unless we
add e.g. "te" to the open_basedir (adding "." does not work). In
contrast absolute paths do work fine.
On the second server all sorts of includes (from current directory,
from parent directory, from root) work as supposed and will not fail
unless they try to bypass the open_basedir.

As far as we've looked the issue up the only real difference between
the 2 virtual hosts is that one parses for .html and has it's own user
running the server and the other is parsing for .php and is using the
standard-user (www).

Thanks in advance for any help or hints...


Matthias Fleischer



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=20314&edit=1

Reply via email to