ID: 31618
User updated by: kpederson at mail dot ewu dot edu
Reported By: kpederson at mail dot ewu dot edu
Status: Assigned
Bug Type: Filesystem function related
Operating System: redhat enterprise
PHP Version: 5CVS-2005-03-14
Assigned To: tony2001
New Comment:
Hmm... wouldn't something like safe_mode_read_dir make it
possible to have shared libraries while using safe mode,
assuming it allowed fopen(), include/require access?
I don't see how else it's possible to make common modules,
like the pear library, available globally, unless they
never need to do more than include other files in their
own hierarchy, while using safe mode.
To turn off safe mode, would be a huge security risk
unless I were running it using suExec and CGI or
something.
I'm going to ask on #PHP for other thoughts as there has
to be a way to get the best of both worlds (common
accessible libraries vs. security). Thanks for the help.
Previous Comments:
------------------------------------------------------------------------
[2005-08-12 20:29:55] [EMAIL PROTECTED]
This is the reason why safe_mode should have been nuked long time ago.
------------------------------------------------------------------------
[2005-08-12 20:04:46] kpederson at mail dot ewu dot edu
Hmm... I can understand that logic. The docs say:
"UID/GID checks are bypassed when including files from
this directory and its subdirectories"
which also seems to fit.
It's going to make it really hard for me (and I would
guess many others) as a developer to support a given use
case.
The use case that doesn't seem to be satisfied by this is
when the files in the safe_mode_include_dir (smarty for
example) needs to fopen() other files in that directory.
Smarty tries is_readable, which now succeeds, but there is
no way for smarty, when running under safe mode, to
actually read common templates... <sigh>. I don't know if
this use case can be satisfied without that
functionality.... I have hundreds of users, but no
apparent way, (other than includes which now work) to do
any type of complex templating. In most commercial
environments, this wouldn't seem like a problem, but in
the university setting, they all need access to a common
template.
Ok. I'm ranting and a bit frustrated -- although I do
admit that you're right per all the docs. Feel free to
delete this message and close the bug report. I
appreciate you leaving it open a bit longer. If you're
open for any discussion, you can e-mail me.
Thanks.
------------------------------------------------------------------------
[2005-08-12 19:17:12] [EMAIL PROTECTED]
Yes, I've made this intentionally.
The file in safe_mode_include_dir can be included, but cannot be opened
using fopen() and friends.
IMO that's why this directive is called safe_mode_*INCLUDE*_dir.
------------------------------------------------------------------------
[2005-08-12 19:11:00] kibab at icehouse dot net
Ok, I tried it out on my dev server and it works!
is_readable() now returns the correct values based on the
ownership of the file.
>From my initial test:
is_readable: /var/lib/php/test_templ2.php (true)
TEST
The fopen($myfilename) call, however, still fails with the
following error message (perhaps I should file this as a
separate bug report...):
Warning: fopen() [function.fopen]: SAFE MODE Restriction
in effect. The script whose uid/gid is 49/49 is not
allowed to access /var/lib/php/test_templ2.php owned by
uid/gid 0/0 in /var/www/sites/devel/test.php on line 10
Warning: fopen(/var/lib/php/test_templ2.php)
[function.fopen]: failed to open stream: Success
in /var/www/sites/devel/test.php on line 10
And... safe_mode_include_dir on that server is set
to /var/lib/php.
------------------------------------------------------------------------
[2005-08-12 18:03:49] [EMAIL PROTECTED]
Please try again. It should be there this time.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/31618
--
Edit this bug report at http://bugs.php.net/?id=31618&edit=1
