ID:               33254
 User updated by:  unknown-php at masterhost dot ru
 Reported By:      unknown-php at masterhost dot ru
 Status:           Open
-Bug Type:         Feature/Change Request
+Bug Type:         Safe Mode/open_basedir
 Operating System: FreeBSD
 PHP Version:      4.3.11
 New Comment:

I think it's a security problem.


Previous Comments:
------------------------------------------------------------------------

[2005-06-06 15:44:36] unknown-php at masterhost dot ru

With the current CVS snapshot tempnam() creates files inside the system
temp directory anyway, but now fopen() already returns an error
(open_basedir restriction in effect). So we have a lot of zero-size
files in the system temp directory...
  I think it's necessary to refuse the file creation and return an
error at the tempnam() function call.

------------------------------------------------------------------------

[2005-06-06 10:21:30] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip



------------------------------------------------------------------------

[2005-06-06 10:14:00] unknown-php at masterhost dot ru

Description:
------------
  We have a mass virtual hosting server. Regardless of the open_basedir
and other restrictions, we can't restrict temp file creation to a directory
inside the user's home dir. Therefore a user can create a huge number of
files and overfill the file system, and we can't supervise it and can't
even determine which user has created these files.
  It seems to be a bug or omission that tempnam can create files
outside the open_basedir and there is no other restriction for it. I
think there should be some restriction to prevent situations like this.

Reproduce code:
---------------
php_admin_value open_basedir   /home/user/
php_admin_value doc_root       /home/user/domain
php_admin_value upload_tmp_dir /home/user/domain/tmp


<?php
$tmpfname = tempnam("/tmp", "FOO");

$handle = fopen($tmpfname, "w");
fwrite($handle, "data");
fclose($handle);
?>

Expected result:
----------------
We expect to see an error like this:
"open_basedir restriction in effect. File(/tmp/FOOxjEb8i) is not within
the allowed path(s)"

Actual result:
--------------
In reality, the file was successfully created inside the system temp
directory, outside the open_basedir path.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=33254&edit=1
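
A userland guard for the behaviour reported above, as an added example that is not part of the bug report or PHP's own code. The helper names path_within() and tempnam_within() are hypothetical, the fallback root /home/user/ is taken from the reproduce configuration, and each allowed entry is assumed to be a canonical absolute directory path (compared on a directory boundary).

```php
<?php
/** True when $path equals or lies below one of the $allowed directories. */
function path_within(string $path, array $allowed): bool
{
    $path = rtrim($path, '/') . '/';
    foreach ($allowed as $base) {
        if ($base === '') {
            continue;
        }
        // Compare on a directory boundary: "/home/user" must not match "/home/user2".
        $base = rtrim($base, '/') . '/';
        if (strncmp($path, $base, strlen($base)) === 0) {
            return true;
        }
    }
    return false;
}

/** tempnam() that refuses, and cleans up, anything outside $allowed. */
function tempnam_within(string $dir, string $prefix, array $allowed)
{
    $real = realpath($dir);               // resolves symlinks and ".."
    if ($real === false || !is_dir($real) || !path_within($real, $allowed)) {
        return false;                     // refuse before any file is created
    }
    $file = @tempnam($real, $prefix);
    if ($file === false) {
        return false;
    }
    // tempnam() may fall back to the system temp dir, so check where the file landed.
    $where = realpath(dirname($file));
    if ($where === false || !path_within($where, $allowed)) {
        @unlink($file);                   // leave no zero-size stray file behind
        return false;
    }
    return $file;
}

// Allowed roots: the open_basedir setting if present, else a constructed sample value.
$allowed = array_filter(explode(PATH_SEPARATOR, (string) ini_get('open_basedir')))
    ?: ['/home/user/'];

var_dump(tempnam_within('/tmp', 'FOO', $allowed));                  // directory outside the sample root
var_dump(tempnam_within('/home/user/domain/tmp', 'FOO', $allowed)); // directory inside the sample root
```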
