Edit report at https://bugs.php.net/bug.php?id=62457&edit=1
ID: 62457
User updated by: mybugs at 163 dot com
Reported by: mybugs at 163 dot com
Summary: Excuse me, is this a bug?
Status: Open
Type: Bug
Package: Safe Mode/open_basedir
Operating System: Microsoft Windows Server 2003 R2
PHP Version: 5.4.4
Block user comment: N
Private report: N

New Comment:

I'm sorry. I set the wrong position for "Actual result" and "Expected result" at the time of submission. The "Actual result" should be the "Expected result", and the "Expected result" should be the "Actual result". The problem is that it can restrict the path, but at the same time it can also run other programs outside the path. It is a significant hidden security danger.

fix php.ini
disable_functions=system
[PATH="D:/Web/test.com/public"]
open_basedir=D:/Web/test.com/public/

Previous Comments:
------------------------------------------------------------------------
[2012-07-01 09:58:28] Sjon at hortensius dot net

What if you remove all '@' from your script; what error messages appear? Because with those added, all errors are hidden.

------------------------------------------------------------------------
[2012-07-01 06:43:48] mybugs at 163 dot com

php.ini
disable_functions =system
[PATH= "D:/Web/test.com/public"]
open_basedir

------------------------------------------------------------------------
[2012-07-01 06:42:05] mybugs at 163 dot com

Description:
------------
php.ini
[PATH= "D:/Web/test.com/public"]
open_basedir ="D:/Web/test.com/public/"

Test script:
---------------
<?php
echo 'open_basedir:'.ini_get('open_basedir').'<br />';
//D:\WEB\TEST_COM\
$cmd = 'ping qq.com';

// Run the same command through each execution function in turn.
echo execute('system',$cmd);
echo execute('passthru',$cmd);
echo execute('shell_exec',$cmd);
echo execute('exec',$cmd);
echo execute('popen',$cmd);

// Runs $cfe with the function named by $type and returns the captured
// output; every call is '@'-suppressed, so a disabled function fails silently.
function execute($type,$cfe) {
    $data = '';
    if ($cfe) {
        if($type=='system') {
            @ob_start();
            @system($cfe);
            $data = @ob_get_contents();
            @ob_end_clean();
        } elseif($type=='passthru') {
            @ob_start();
            @passthru($cfe);
            $data = @ob_get_contents();
            @ob_end_clean();
        } elseif($type=='shell_exec') {
            $data = @shell_exec($cfe);
        } elseif($type=='exec') {
            @exec($cfe,$data);
            $data = join("\n",$data);
        } elseif($type=='popen') {
            $f = @popen($cfe,"r");
            while(!@feof($f)) {
                $data .= @fread($f,1024);
            }
            @pclose($f);
        }
    }
    return $type.'----------<br />'.$data.'<br />'.$type.'----------<br /><br />';
}
?>

Expected result:
----------------
open_basedir:D:\Web\test.com\public\
system----------
system----------
passthru----------
Pinging qq.com [119.147.15.13] with 32 bytes of data:
Reply from 119.147.15.13: bytes=32 time=11ms TTL=56
Reply from 119.147.15.13: bytes=32 time=11ms TTL=56
Reply from 119.147.15.13: bytes=32 time=11ms TTL=56
Reply from 119.147.15.13: bytes=32 time=11ms TTL=56
Ping statistics for 119.147.15.13:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 11ms, Average = 11ms
passthru----------
shell_exec----------
Pinging qq.com [119.147.15.17] with 32 bytes of data:
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Ping statistics for 119.147.15.17:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 9ms, Average = 9ms
shell_exec----------
exec----------
Pinging qq.com [119.147.15.17] with 32 bytes of data:
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Ping statistics for 119.147.15.17:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 9ms, Average = 9ms
exec----------
popen----------
Pinging qq.com [119.147.15.17] with 32 bytes of data:
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Reply from 119.147.15.17: bytes=32 time=9ms TTL=56
Ping statistics for 119.147.15.17:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 9ms, Average = 9ms
popen----------

Actual result:
--------------
open_basedir:D:\Web\test.com\public\
system----------
system----------
passthru----------
passthru----------
shell_exec----------
shell_exec----------
exec----------
exec----------
popen----------
popen----------

------------------------------------------------------------------------
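Editor's note (an added example, not part of the bug report or of PHP itself): the report's own configuration explains the result. open_basedir limits the files PHP itself may open; it says nothing about a child process that PHP launches, so a command started through any execution function runs with the web server's full privileges regardless of the restricted path. The only setting in the report that does control command execution is disable_functions, and it names just system, which is why the output block shows system producing nothing while passthru, shell_exec, exec and popen all run the command. The audit script below, which is mine and assumes only standard PHP (the function names are PHP's documented process-execution functions; pcntl_exec exists only where the pcntl extension is loaded), parses a disable_functions value and reports which execution functions it leaves callable, then checks the running interpreter the same way using function_exists(), which returns false for a function removed by disable_functions.

```php
<?php
// Added audit script; not code from the bug report. It lists the
// process-execution functions that a disable_functions value leaves
// callable. The names are PHP's documented execution functions;
// pcntl_exec only exists when the pcntl extension is loaded (Unix only).

function execFunctions()
{
    return array('exec', 'passthru', 'proc_open', 'shell_exec', 'system', 'popen', 'pcntl_exec');
}

// Parse a disable_functions value (php.ini accepts comma- and
// space-separated names) and return the execution functions it does
// not name.
function uncoveredExecFunctions($disableFunctions)
{
    $names = preg_split('/[\s,]+/', strtolower($disableFunctions), -1, PREG_SPLIT_NO_EMPTY);
    $disabled = array_flip($names);
    $uncovered = array();
    foreach (execFunctions() as $fn) {
        if (!isset($disabled[$fn])) {
            $uncovered[] = $fn;
        }
    }
    return $uncovered;
}

function describe($value)
{
    $left = uncoveredExecFunctions($value);
    return 'disable_functions=' . $value . ' leaves callable: '
        . ($left ? implode(', ', $left) : '(none)') . "\n";
}

// Static check of the setting from the report (weak: only system is named).
echo describe('system');

// The hardened setting: every execution function named.
echo describe(implode(',', execFunctions()));

// Live check of the running interpreter: function_exists() returns false
// for functions removed by disable_functions, so this shows whether the
// php.ini that PHP actually loaded has the setting in effect.
$live = array_filter(execFunctions(), 'function_exists');
echo 'callable in this interpreter: ' . ($live ? implode(', ', $live) : '(none)') . "\n";
```

Run it with the same SAPI that serves the site (the CLI and the web server can load different php.ini files), and compare the "callable in this interpreter" line against the hardened value: any function listed there is one that open_basedir will not stop. If an application genuinely needs to spawn processes, the remaining controls are outside PHP (a dedicated low-privilege service account, and OS-level process or file ACLs), not open_basedir.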