#33752 [NEW]: safe_mode UID checks modification

Mon, 18 Jul 2005 09:38:13 -0700 

From:             mordae at mordae dot net
Operating system: all POSIX
PHP version:      4.3.11
PHP Bug Type:     Feature/Change Request
Bug description:  safe_mode UID checks modification

Description:
------------
For the first, we all know what PHP does in (un)safe_mode. There has to be
some solution of this problem. You have disagreed with all previous, so
what about this one:

Add php.ini directive, that will make PHP check UID of all parent
directories of accessed file in addition of file's and if any of parent
directories are owned by correct user, allow access.
To improve security, you could also check if all directories "above" are
owned by the user, who runs PHP.

See Titov's patch at http://titov.net/safemodepatch/

Thank you
Mordae


-- 
Edit bug report at http://bugs.php.net/?id=33752&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=33752&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=33752&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=33752&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=33752&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=33752&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=33752&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=33752&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=33752&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=33752&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=33752&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=33752&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=33752&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=33752&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=33752&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=33752&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=33752&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=33752&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=33752&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=33752&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=33752&r=mysqlcfg

Reply via email to