ID: 19292
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Critical
Bug Type: Apache related
Operating System: linux
PHP Version: 4.2.3,4.3.0
New Comment:
4.3.o stills has the same problem, the test suite I posted on 30 Oct
2002 12:56am fails with this messages:
Warning: main() [function.main]: open_basedir restriction in effect.
File(/usr/local/lib/php/hello.php) is not within the allowed path(s):
(/usr/local/http-docs/common/scripts/) in
/usr/local/http-docs/common/lib/test/test.php on line 5
Warning: main(hello.php) [function.main]: failed to create stream: Not
owner in /usr/local/http-docs/common/lib/test/test.php on line 5
Fatal error: main() [function.main]: Failed opening required
'hello.php'
(include_path='./:/usr/local/http-docs/common/lib:/usr/local/lib/php:/usr/local/http-docs/common/lib/phpwhois')
in /usr/local/http-docs/common/lib/test/test.php on
line 5
where test.php tries to include hello.php which is in
/usr/local/http-docs/common/lib/test that is a path that's
included in include_path
Previous Comments:
------------------------------------------------------------------------
[2003-01-10 04:36:13] [EMAIL PROTECTED]
Update version. Bug confirmed in 4.3.0 - final.
------------------------------------------------------------------------
[2003-01-10 03:17:18] [EMAIL PROTECTED]
Is somebody working on this critical bug in php 4.3.0??
Bug was opened 8 sep and now it isn't even the same year...
This is a severe problem for all hosting companies since they have to
turn of open_basedir to get things going without errors.
------------------------------------------------------------------------
[2003-01-09 12:42:13] [EMAIL PROTECTED]
I have just tried to EXPLICITLY set "php_admin_flag safe_mode off" to
ALL virtual hosts, which should not be restricted with safe mode and it
seems to help. So the problem is here only when I rely on the default
setting in php.ini file (where I have safe mode off by default) and
when there is AT LEAST one virtual host with safe_mode enabled.
------------------------------------------------------------------------
[2003-01-09 12:36:48] [EMAIL PROTECTED]
If a have one virt. host with safe_mode turned on and the other one
with safe_mode off, the SECOND one (with safe_mode off from default ini
setting) sometimes seems to have safe_mode turned on, until next
reload. When I tried to replace safe_mode with open_basedir
restrictions, this problem was the same one, which is described above.
------------------------------------------------------------------------
[2003-01-09 04:36:33] [EMAIL PROTECTED]
I wrote regression tests for safe mode recently which trigger this bug
reliably when upgrading to 4.3.0 from 4.2.2 on Apache 2.0.40. In the
Apache config I use: (erring on the side of verbosity)
<Directory /local/qa/perl-framework/t/htdocs/php/safemode>
php_admin_value safe_mode 1
php_admin_value safe_mode_exec_dir /bin
php_admin_value open_basedir /
php_admin_value display_errors 0
php_admin_value log_errors 1
php_admin_value safe_mode_allowed_env_vars FOO_
php_admin_value safe_mode_protected_env_vars FOO_FEE
</Directory>
Then:
/local/qa/perl-framework/t/htdocs/php/safemode/readfile.php contains:
<?php readfile("/etc/passwd"); ?>
The server error log gets this output for the script:
PHP Warning: Unknown(): open_basedir restriction in effect.
File(/local/qa/perl-framework/t/htdocs/php/safemode/readfile.php) is
not within the allowed path(s): (/) in Unknown on line 0
PHP Warning:
Unknown(/local/qa/perl-framework/t/htdocs/php/safemode/readfile.php):
failed to create stream: Operation not permitted in Unknown on line 0
PHP Warning: Unknown(): Failed opening
'/local/qa/perl-framework/t/htdocs/php/safemode/readfile.php' for
inclusion (include_path='.:/usr/share/pear') in Unknown on line 0
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19292
--
Edit this bug report at http://bugs.php.net/?id=19292&edit=1
