ID:               30905
 User updated by:  sat at lomejordeinternet dot net
 Reported By:      sat at lomejordeinternet dot net
 Status:           Bogus
 Bug Type:         Filesystem function related
 Operating System: Linux Fedora 2
 PHP Version:      4.3.9
 New Comment:

Well. Not a bug?

If php_admin_value open_basedir restricts use to /XXX /yyy /zzzz, but a
user can, with a script in /XXX, for example read /etc or
/WWW/XXX/ (this dir is not in open_basedir)

What is this?


Previous Comments:
------------------------------------------------------------------------

[2004-11-26 13:12:09] [EMAIL PROTECTED]

This is not a bug, PHP can not stop other programs from going into
directories protected by open_basedir. 

------------------------------------------------------------------------

[2004-11-26 13:02:56] sat at lomejordeinternet dot net

Description:
------------
http://ns11.hostinglmi.net/phpinfo.php

In these circumstances, with open_basedir in httpd.conf:

<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xn3m/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>

If a certain local exploit, such as the attached file, is executed, a user
can read any dir with group/other read permission.



Reproduce code:
---------------
ns3.hostinglmi.net/cmd.txt 
ns3.hostinglmi.net/bug_openbasedir.png
(The bug no longer works on this machine because the following was added
to php.ini: disable_functions   = passthru,exec,shell_exec,proc_open)




Expected result:
----------------
Use the cat command to see any file with passwords (config.php of several
scripts, ...)
Use ls to see the filesystem structure...





------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=30905&edit=1
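
The point made in the thread, as a configuration check (an added example, not part of the bug report or of PHP): open_basedir only constrains PHP's own file functions, so any function that starts an external program still has to be listed in disable_functions. The function list, the helper names and the sample config text are assumptions constructed from the values quoted above.

```python
import re

# Assumed, non-exhaustive list of PHP functions that start external programs.
SPAWN_FUNCS = {"exec", "passthru", "shell_exec", "system",
               "popen", "proc_open", "pcntl_exec"}

def _directive(text, name):
    """Last value set for `name`, in php.ini or Apache php_admin_value syntax."""
    n = re.escape(name)
    pat = re.compile(
        rf'^[ \t]*(?:php_admin_value[ \t]+{n}[ \t]+|{n}[ \t]*=[ \t]*)(.*)$',
        re.MULTILINE)
    value = None
    for m in pat.finditer(text):          # a later setting overrides an earlier one
        value = m.group(1).strip().strip('"')
    return value

def audit(php_ini, httpd_conf=""):
    """Report whether child processes can still be started despite open_basedir."""
    # php_admin_value in httpd.conf takes precedence over php.ini.
    basedir = (_directive(httpd_conf, "open_basedir")
               or _directive(php_ini, "open_basedir"))
    # disable_functions is only honoured in php.ini, so httpd.conf is not searched.
    disabled = _directive(php_ini, "disable_functions") or ""
    disabled_set = {f.strip().lower() for f in disabled.split(",") if f.strip()}
    remaining = sorted(SPAWN_FUNCS - disabled_set)
    return {
        "open_basedir": basedir.split(":") if basedir else [],
        "spawn_functions_enabled": remaining,
        # Programs started by these functions are not subject to open_basedir.
        "child_processes_escape_basedir": bool(basedir) and bool(remaining),
    }

# Constructed sample input, built from the settings quoted in the report.
HTTPD_CONF = '''<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xn3m/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
'''
PHP_INI_BEFORE = "; no disable_functions set\n"
PHP_INI_AFTER = "disable_functions   = passthru,exec,shell_exec,proc_open\n"

if __name__ == "__main__":
    for label, ini in (("before", PHP_INI_BEFORE), ("after", PHP_INI_AFTER)):
        print(label, audit(ini, HTTPD_CONF))
```
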
