[PHP-BUG] Bug #64573 [NEW]: Confusing open_basedir errors when parent folders are inaccessible

Tue, 02 Apr 2013 20:11:59 -0700 

From:             bradley dot will at gmail dot com
Operating system: Windows 2008
PHP version:      5.3.23
Package:          Filesystem function related
Bug Type:         Bug
Bug description:Confusing open_basedir errors when parent folders are 
inaccessible

Description:
------------
Tested on Windows; Linux's behavior is as expected. I'm using a Plesk 
install but I think this will happen with any similar folder structure.

Basically, open_basedir or require_once give confusing error messages when

multiple parent folders to the open_basedir have security settings which
prevent 
access. 

The confusing error messages are pasted under Actual Result; "open_basedir

restriction in effect. File() is not within the allowed path(s)" is the
first 
error seen, which is an incorrect error; the file IS within the allowed
path. 
Only the second error message, Operation not permitted, is somewhat
accurate. 
However it is still suboptimal compared to the other error condition:


When only the open_basedir itself (and not its parent folder) has security

settings which prevent access, the error message is what I would expect.

The expected error message is pasted under Expected Result; "Permission
denied" 
is the appropriate error to use when file/folder permissions are preventing

access to a file or folder, not "operation not permitted."

Test script:
---------------
<?php
// First, ensure that the Plesk, Additional, PleskPHP5, and PEAR folder
(and its contents, including the MDB2.php file) all have their Windows
security settings such that the PHP user CANNOT read or list the contents
(i.e. readable to admins only.) Then ensure that open_basedir includes the
path to the file (C:\Program Files
(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\). Then run this script,
note the output, and click the "try opening file" link at the bottom, and
note the output.
// Second, grant permissions to read and list all folders, EXCEPT for the
PEAR folder (and its contents, including the MDB2.php file.) Run this
script and note outputs.
// Finally, grant permissions to read and list all folders including the
PEAR folder and the MDB2.php file. Run this script and note outputs.

echo "<pre>";
echo shell_exec("whoami")."-------------------------------------------\n";
echo htmlentities(shell_exec("cd C:\Program Files (x86)\Parallels\ &&
dir"))."-------------------------------------------\n";
echo htmlentities(shell_exec("cd C:\Program Files (x86)\Parallels\Plesk\ &&
dir"))."-------------------------------------------\n";
echo htmlentities(shell_exec("cd C:\Program Files
(x86)\Parallels\Plesk\Additional\ &&
dir"))."-------------------------------------------\n";
echo htmlentities(shell_exec("cd C:\Program Files
(x86)\Parallels\Plesk\Additional\PleskPHP5\ &&
dir"))."-------------------------------------------\n";
echo htmlentities(shell_exec("cd C:\Program Files
(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\ &&
dir"))."-------------------------------------------\n";
if(isset($_GET["open"])){
        if(require_once('C:\Program Files
(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php')){
          echo "OPENED\n";      }
        else {    echo "FAILED TO OPEN\n";      } }
echo '<a href="?open=true">Try opening file</a>';
echo "</pre>";

Expected result:
----------------
When any file/folder security setting causes the file to be inaccessible:

PHP Warning:  require_once(C:\Program Files 
(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php): failed to open
stream: 
Permission denied in 
C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test.p
hp on line 16
PHP Fatal error:  require_once(): Failed opening required 'C:\Program Files

(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php' 
(include_path='.;./includes;./pear') in 
C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test.p
hp on line 16

Actual result:
--------------
When the Additional (including PleskPHP5 folder by inheritance) AND PEAR
folders 
are inaccessible to the user:

PHP Warning:  require_once(): open_basedir restriction in effect. 
File(C:/Program Files
(x86)/Parallels/Plesk/Additional/PleskPHP5/PEAR/MDB2.php) 
is not within the allowed path(s): 
(C:/Inetpub/vhosts/server.example.net\;C:\Windows\Temp\;C:\Program Files 
(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\) in 
C:\inetpub\vhosts\server.example.net\site.example.net\test.php on line 2
PHP Warning:  require_once(C:/Program Files 
(x86)/Parallels/Plesk/Additional/PleskPHP5/PEAR/MDB2.php): failed to open 
stream: Operation not permitted in 
C:\inetpub\vhosts\server.example.net\site.example.net\test.php on line 2
PHP Fatal error:  require_once(): Failed opening required 'C:/Program Files

(x86)/Parallels/Plesk/Additional/PleskPHP5/PEAR/MDB2.php' 
(include_path='.;./includes;./pear') in 
C:\inetpub\vhosts\server.example.net\site.example.net\test.php on line 2

When only the PEAR folder is inaccessible to the user:

PHP Warning:  require_once(C:\Program Files 
(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php): failed to open 
stream: Permission denied in 
C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test.
php on line 16
PHP Fatal error:  require_once(): Failed opening required 'C:\Program Files

(x86)\Parallels\Plesk\Additional\PleskPHP5\PEAR\MDB2.php' 
(include_path='.;./includes;./pear') in 
C:\inetpub\vhosts\server.example.net\site.example.net\siteControllerCommon\test.
php on line 16

-- 
Edit bug report at https://bugs.php.net/bug.php?id=64573&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=64573&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=64573&r=trysnapshot53
Try a snapshot (trunk):     
https://bugs.php.net/fix.php?id=64573&r=trysnapshottrunk
Fixed in SVN:               https://bugs.php.net/fix.php?id=64573&r=fixed
Fixed in release:           https://bugs.php.net/fix.php?id=64573&r=alreadyfixed
Need backtrace:             https://bugs.php.net/fix.php?id=64573&r=needtrace
Need Reproduce Script:      https://bugs.php.net/fix.php?id=64573&r=needscript
Try newer version:          https://bugs.php.net/fix.php?id=64573&r=oldversion
Not developer issue:        https://bugs.php.net/fix.php?id=64573&r=support
Expected behavior:          https://bugs.php.net/fix.php?id=64573&r=notwrong
Not enough info:            
https://bugs.php.net/fix.php?id=64573&r=notenoughinfo
Submitted twice:            
https://bugs.php.net/fix.php?id=64573&r=submittedtwice
register_globals:           https://bugs.php.net/fix.php?id=64573&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=64573&r=php4
Daylight Savings:           https://bugs.php.net/fix.php?id=64573&r=dst
IIS Stability:              https://bugs.php.net/fix.php?id=64573&r=isapi
Install GNU Sed:            https://bugs.php.net/fix.php?id=64573&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=64573&r=float
No Zend Extensions:         https://bugs.php.net/fix.php?id=64573&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=64573&r=mysqlcfg

Reply via email to