ID: 40455 Updated by: [EMAIL PROTECTED] Reported By: richton at nbcs dot rutgers dot edu -Status: Open +Status: Closed Bug Type: Safe Mode/open_basedir Operating System: Solaris PHP Version: 5CVS-2007-02-13 (snap) New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2007-02-13 15:25:31] richton at nbcs dot rutgers dot edu That patch makes my test case better, thanks. ------------------------------------------------------------------------ [2007-02-13 14:29:10] [EMAIL PROTECTED] Please try this patch: http://tony2001.phpclub.net/dev/tmp/bug40455.diff ------------------------------------------------------------------------ [2007-02-13 13:51:01] richton at nbcs dot rutgers dot edu OK, gotcha. The expected result of $process = proc_open("/bin/bash", $descriptorspec, $pipes); is that PHP will attempt to execute "/bin/bash". This is the actual result with Safe Mode off. The actual result of that code with safe mode on is that it ignores "/bin/bash" and attempts to execute the safe_mode_exec_dir (absurd, really; you can't run a directory), *silently throwing away* my "/bin/bash" parameter. This would be like going to a command prompt, and (let's just assume that the safe_mode_exec_dir is /bin) typing "/bin/bash", and getting the message "/bin: is a directory." While that may be a true output, it's not what you typed -- if you type "/bin/bash", you expect "/bin/bash" to be attempted, and you certainly don't expect your input to be thrown away silently. ------------------------------------------------------------------------ [2007-02-13 13:08:08] [EMAIL PROTECTED] >Assuming you're on a system with /bin/bash existing, it's >all you need to go. Sorry, I've failed to guess what should be the expected result of this code and what is the actual result you get. (Please no truss output. Thank you.) ------------------------------------------------------------------------ [2007-02-13 13:02:20] richton at nbcs dot rutgers dot edu > To properly diagnose the problem, we > need a short but complete example script to be able > to reproduce this bug ourselves. And the script filed under "Reproduce code" doesn't meet this description how? I even show command lines with which to run it. Just in case it's not obvious: What was filed under "Reproduce code" in the original report is what I placed in "execdir.php" for the Result sections. Assuming you're on a system with /bin/bash existing, it's all you need to go. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/40455 -- Edit this bug report at http://bugs.php.net/?id=40455&edit=1
