ID:               36297
 User updated by:  smartgenius1 at yahoo dot com
 Reported By:      smartgenius1 at yahoo dot com
-Status:           Bogus
+Status:           Open
 Bug Type:         Safe Mode/open_basedir
 Operating System: Windows
 PHP Version:      5.1.2
 New Comment:

Ah well. The least you guys should do is put up a warning on the
chdir() page that Windows does not have UIDs.


Previous Comments:
------------------------------------------------------------------------

[2006-02-05 21:26:04] smartgenius1 at yahoo dot com

This bug is NOT bogus. The support here will just not take the time to
read what I am trying to say.

chdir() should check the open_basedir restriction. It doesn't.

I was able to get into my friend's computer, because he believed that
the open_basedir restriction and safe_mode would prevent people from
accessing his files. This function did not follow the open_basedir
restriction and let me get into his system files. Anybody that is
thinking about hosting or letting other people use PHP on their Windows
computer... they need to know about this.

This is not a bogus bug. This is a very critical bug; but nobody will
take the time to read through it.

I guess it's OK that tons of Windows users trust the open_basedir
restriction enough to think that this type of thing cannot happen. Boy
won't they be in for a surprise when somebody uses this exploit and erases
their entire computer.

Good day.

~Sean

------------------------------------------------------------------------

[2006-02-05 20:45:46] smartgenius1 at yahoo dot com

Sir, you must not be reading it correctly.

I have open_basedir set to "."; which should only allow functions to
access files in the current directory and under.

I am able to change the directory to an above directory with chdir();
that is NOT a file in the cwd or lower.

I can have a script working in

System/Files/script.php

with open_basedir set to "."; I cannot do

include("../anyfile.php");
file("../anyfile.php");

or any other thing that accesses the above directory...

so why can I do

chdir("../");
include("anyfile.php");

?

The chdir() function should check to make sure that the directory
argument is within the allowed paths of open_basedir; which it doesn't.

Hope this clarifies my concern.

~Sean

------------------------------------------------------------------------

[2006-02-05 20:41:55] [EMAIL PROTECTED]

What Derick said.

------------------------------------------------------------------------

[2006-02-05 20:30:45] smartgenius1 at yahoo dot com

I said I can reach UPPER LEVEL directories. (../)

Any other file system functions won't let me do that. Just chdir().

------------------------------------------------------------------------

[2006-02-05 20:29:05] [EMAIL PROTECTED]

No bug here.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/36297

-- 
Edit this bug report at http://bugs.php.net/?id=36297&edit=1
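
The scenario in the report (open_basedir set to "." followed by chdir("../")) can be modelled in userland to show why a base that is resolved against the working directory at check time moves with chdir(), while an absolute base does not. This is an added example, not part of the bug report and not PHP's own open_basedir code; the helpers isInside() and report() and the temporary directory layout are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration: a userland model of a directory allowlist.
// It is not PHP's internal open_basedir implementation.

// Hypothetical helper: true when $path, fully resolved, lies under $base.
function isInside(string $base, string $path): bool
{
    $base = realpath($base);   // a relative base such as "." resolves against the cwd *now*
    $real = realpath($path);   // collapses "../" and symlinks before comparing
    if ($base === false || $real === false) {
        return false;          // refuse anything that cannot be resolved
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real . DIRECTORY_SEPARATOR, $base, strlen($base)) === 0;
}

function report(string $label, bool $allowed): void
{
    echo str_pad($label, 44), $allowed ? "allowed\n" : "refused\n";
}

// Constructed layout mirroring the report: <tmp>/System/anyfile.php, <tmp>/System/Files/
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'basedir_demo_' . getmypid();
mkdir($root . '/System/Files', 0700, true);
file_put_contents($root . '/System/anyfile.php', "<?php // placeholder\n");

chdir($root . '/System/Files');
$fixedBase = getcwd();   // absolute base captured once, before any script-controlled chdir()

report('base ".", ../anyfile.php', isInside('.', '../anyfile.php'));
report('absolute base, ../anyfile.php', isInside($fixedBase, '../anyfile.php'));

chdir('../');            // the step from the report; cwd is now <tmp>/System

report('base "." after chdir, anyfile.php', isInside('.', 'anyfile.php'));
report('absolute base after chdir, anyfile.php', isInside($fixedBase, 'anyfile.php'));

// Remove the constructed files again.
chdir(sys_get_temp_dir());
unlink($root . '/System/anyfile.php');
rmdir($root . '/System/Files');
rmdir($root . '/System');
rmdir($root);
```

In this model the restriction only holds when the base is an absolute directory fixed before untrusted script code runs, which corresponds to configuring open_basedir with an absolute path instead of ".".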
