ID: 27160 User updated by: bjorn dot wiberg at home dot se Reported By: bjorn dot wiberg at home dot se Status: Bogus Bug Type: Apache2 related Operating System: Debian GNU/Linux 3.0r2 (mixed) PHP Version: 5CVS-2004-02-06 New Comment:
Hi! I once again read the safe mode sections (where open_basedir is described), but I'm afraid that doesn't explain why "." and/or "./" is a bad idea in the Apache 2 SAPI, or why the current directory isn't what I think it is. Would you please elaborate on this? Thanks in advance! Best regards, Bj�rn Previous Comments: ------------------------------------------------------------------------ [2004-02-09 19:17:32] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php Using "." or "./" is a really bad idea for a SAPI like Apache 2, since it is very likely that the current directory is not what you think it is. The underlying code for figuring out open_basedir is identical in both CLI and Apache 2 sapi. ------------------------------------------------------------------------ [2004-02-06 14:10:53] bjorn dot wiberg at home dot se (The version is 2004-02-06 10:30, not 2004-02-05.) Tried with open_basedir = "." and all error logging enabled with the CLI version. No errors. Just to make sure that the CLI version was obeying the open_basedir directive, I tried changing it to a completely differemt directory (where the script isn't located) and then open_basedir errors were shown. So it seems I cannot reproduce the error with the CLI version -- it only appears in the PHP SAPI version. Any suggestions (other than including "./" in open_basedir as a work-around)? Best regards, Bj�rn ------------------------------------------------------------------------ [2004-02-06 11:18:03] [EMAIL PROTECTED] I can not reproduce this. Try with CLI. ------------------------------------------------------------------------ [2004-02-05 11:42:03] bjorn dot wiberg at home dot se Description: ------------ Using PHP for a virtual host, with open_basedir set to "." (a dot). When running a script that includes files in subdirectories relative to the script on the form "./dir/file.inc", those files fail to get included, and the error log says that those files are not withing the allowed path. Even though the open_basedir documentation says that "." should allow files in the current directory *and subdirectories* to be included. Setting open_basedir to include "./" fixes the problem. (I've now started to include ".:./" in my open_basedir to be on the "safe" side...) NOTE: This is not the same thing as bug #14396 (http://bugs.php.net/bug.php?id=14396) as I'm not using safe mode, and don't get the "wrong directory error" but instead the "is not within the allowed path(s)" error. SIDENOTE: Bug #26310 (http://bugs.php.net/bug.php?id=26310) has a very odd comment at the end; why would "./" be almost the same thing as not setting any open_basedir restrictions at all? I would say that "/" would be the same thing as not setting it at all, but not "./"... Reproduce code: --------------- I'm using phpMyAdmin 2.5.5-pl1 from: http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.5.5-pl1.tar.gz?download ...together with Apache 2.0.48-7 (apache2-mpm-worker, apache2-common, apache2-doc Debian packages) and PHP 5.0.0b3 as an Apache 2 SAPI module. At the moment I'm not running PHP in safe mode. I'm also more or less using the standard PHP config of php.ini-recommended, also locking some of its values with php_admin_value and php_admin_flag in main server config. Overriding doc_root, max_execution_time, memory_limit, open_basedir and safe_mode_exec_dir (a remainder from the time when I used safe mode) for each virtual host. Expected result: ---------------- No errors should appear in the Apache error log. The inclusion of files from the script should work. "." as open_basedir ought to allow inclusion both of files in the same directory as the script (i.e. include "file.txt" AND "./file.txt") and subdirectories (i.e. include "directory/file.txt" -- at least if "." is also in the include_path -- AND "./directory/file.txt"). Actual result: -------------- WITH OPEN_BASEDIR SET TO ".": [client 81.224.231.55] PHP Fatal error: main(): Failed opening required './libraries/grab_globals.lib.php' (include_path='.:/usr/local/lib/php') in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/ [client 81.224.231.55] PHP Warning: main(): open_basedir restriction in effect. File(./libraries/grab_globals.lib.php) is not within the allowed path(s): (.) in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/queryframe.php?lang=sv-iso-8859-1&server=1&hash=814ae4552105c8875600352b899733741075996792 [client 81.224.231.55] PHP Warning: main(./libraries/grab_globals.lib.php): failed to open stream: Operation not permitted in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/queryframe.php?lang=sv-iso-8859-1&server=1&hash=814ae4552105c8875600352b899733741075996792 [client 81.224.231.55] PHP Fatal error: main(): Failed opening required './libraries/grab_globals.lib.php' (include_path='.:/usr/local/lib/php') in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/queryframe.php?lang=sv-iso-8859-1&server=1&hash=814ae4552105c8875600352b899733741075996792 [client 81.224.231.55] PHP Warning: main(): open_basedir restriction in effect. File(./libraries/grab_globals.lib.php) is not within the allowed path(s): (.) in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/left.php?lang=sv-iso-8859-1&server=1&hash=814ae4552105c8875600352b899733741075996792 [client 81.224.231.55] PHP Warning: main(./libraries/grab_globals.lib.php): failed to open stream: Operation not permitted in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/left.php?lang=sv-iso-8859-1&server=1&hash=814ae4552105c8875600352b899733741075996792 [client 81.224.231.55] PHP Fatal error: main(): Failed opening required './libraries/grab_globals.lib.php' (include_path='.:/usr/local/lib/php') in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/left.php?lang=sv-iso-8859-1&server=1&hash=814ae4552105c8875600352b899733741075996792 [client 81.224.231.55] PHP Warning: main(): open_basedir restriction in effect. File(./libraries/grab_globals.lib.php) is not within the allowed path(s): (.) in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/main.php?lang=sv-iso-8859-1&server=1 [client 81.224.231.55] PHP Warning: main(./libraries/grab_globals.lib.php): failed to open stream: Operation not permitted in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/main.php?lang=sv-iso-8859-1&server=1 [client 81.224.231.55] PHP Fatal error: main(): Failed opening required './libraries/grab_globals.lib.php' (include_path='.:/usr/local/lib/php') in /mnt/storage/usr/lib/php-bin/vhosts/bwiberg.dyndns.org/admin/phpMyAdmin-2.5.5-pl1/css/phpmyadmin.css.php on line 7, referer: http://bwiberg.dyndns.org/php-bin/admin/phpMyAdmin/main.php?lang=sv-iso-8859-1&server=1 WITH OPEN_BASEDIR SET TO "./": [Thu Feb 05 17:08:00 2004] [notice] SIGUSR1 received. Doing graceful restart [Thu Feb 05 17:08:00 2004] [notice] Digest: generating secret for digest authentication ... [Thu Feb 05 17:08:00 2004] [notice] Digest: done [Thu Feb 05 17:08:00 2004] [notice] Apache configured -- resuming normal operations (That is, no errors appear.) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=27160&edit=1
