ID: 12121 Comment by: food-page62 at hotmail dot com Reported By: sintes at nfrance dot com Status: Closed Bug Type: *Directory/Filesystem functions Operating System: OpenBSD 2.7 PHP Version: 4.0.6 Assigned To: jflemer New Comment:
<a href=http://4u-ill-food-photo-p.da.ru>food page</a> Previous Comments: ------------------------------------------------------------------------ [2001-07-13 14:20:48] [EMAIL PROTECTED] o Fixed Bug #12121: chdir and safe_mode - [ ext/standard/dir.c ] changed php_checkuid() to use CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR - [ main/safe_mode.h ] added new checkuid mode: CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check fails - [ main/safe_mode.c ] added code for new checkuid mode ------------------------------------------------------------------------ [2001-07-12 21:23:11] [EMAIL PROTECTED] [ in ext/standard/dir.c:274 ] I think that php_checkuid() should be called with CHECKUID_ALLOW_ONLY_FILE (whcih does not exist yet) instead of CHECKUID_ALLOW_ONLY_DIR. Meaning -- if the passed "filename" does not meet UID/GID test, it should *not* try stripping the last element and trying agian. I am working on bug #12119, which is (sort of) related. ------------------------------------------------------------------------ [2001-07-12 20:39:03] sintes at nfrance dot com php with safe_mode actived. ./configure --enable-safe-mode \ --with-apache=../apache-1.3.19 Default php.ini except safe_mode on. Contexte: -------- following script is /home/fred/chdir.php /home/fred/chdir.php is 3654/3654 (fred/fred) /home/fred is 3654/3654 (fred/fred) mode 755 /home is 0/0 (root/wheel) mode 755 httpd runs as www. As php is an apache module, php scripts are running as www too. Script (output follows) ------ <? print "current directory" . getcwd() . "<br><br>"; $l = array (".", "/home/fred/", "/home/fred/.", "/home/fred/./../", "/home/fred/./", "/home/"); foreach ($l as $wd) { if (chdir ("$wd")) { print "chdir($wd) OK <br>"; } else { print "chdir($wd) error <br>"; } print "current directory " . getcwd() . "<br><br>"; } ?> Ouput ----- current directory/home/fred chdir(.) OK current directory /home/fred Warning: SAFE MODE Restriction in effect. The script whose uid is 3564 is not allowed to access /home/fred owned by uid 0 in /home/fred/chdir.php on line 7 chdir(/home/fred/) error current directory /home/fred chdir(/home/fred/.) OK current directory /home/fred chdir(/home/fred/./../) OK current directory /home chdir(/home/fred/./) OK current directory /home/fred Warning: Unable to access /home in /home/fred/chdir.php on line 7 chdir(/home/) error current directory /home/fred ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=12121&edit=1
