ID: 1713
Updated by: jimw
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Feature/Change Request
Assigned To: 
Comments:

Refiled against 4.0. (This may be addressed by the basedir stuff, but I'm not sure.)

Previous Comments:
---------------------------------------------------------------------------

[1999-07-19 08:09:13] [EMAIL PROTECTED]
It occurs only if the PHP source has the same user ID as the copy-from file.

For security purposes I think that some directive like work_basedir 
can be added in future versions to prevent mistakes that open the 
server filesystem root or the user local dirs. 



---------------------------------------------------------------------------

[1999-07-14 12:54:08] [EMAIL PROTECTED]
This problem was tested on two systems:

Linux 2.2.9 with php3.0.11  running as module of apache 1.3.6
Linux 2.2.10 with php3.0.7 running as module of apache 1.3.6

php3.ini config

open_basedir= Some path in htdocs tree
enablesafemode=On 
DocRoot=Dir of Apache root html files. 

httpd.conf
DocumentRoot=Apache Root of htdocs 

It is possible to create a .php3 page that can copy files outside the DocRoot tree:

<? copy("/etc/passwd","passwd.copy") ?>    =>  WORKS

But 

<? fopen("/etc/passwd","R") ?>       =>  FAIL because of the open_basedir assignment.

The Security section of the manual says that security in PHP3 installed as a module is
Apache security. In Apache it is impossible for the httpd server, without an external
script, to see files above the DocumentRoot directive.

I want to know if it's a config problem of my PHP3 + Apache installations or if it's
a bug.

I also want to know if there are other functions with this problem/characteristics.

I saw on the lists some problems like this, but they are on the Windows NT OS. The answers
to these problems are incomplete and focus on NT being an insecure OS with a lot
of problems. But I can reproduce a similar problem on Linux.

Congratulations and keep doing the good work.

Gomes, Marcio 




---------------------------------------------------------------------------
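
The report above asks whether other functions share copy()'s behaviour. The following audit script is an added example, not part of the original bug thread or of PHP's own code: it tightens open_basedir to a scratch directory and records which file functions still reach a path outside it. It assumes PHP 7.4+ on the command line and a readable /etc/passwd as in the report; probe_open_basedir() is a hypothetical name.

```php
<?php
// Added example: audit which file functions honour open_basedir.
// Assumptions: PHP 7.4+ CLI on a Unix-like host where /etc/passwd (the path
// used in the report) is readable; probe_open_basedir() is a hypothetical name.

function probe_open_basedir(string $outside): array
{
    // Scratch directory that becomes the only permitted tree.
    $base = realpath(sys_get_temp_dir()) . '/basedir_probe_' . getmypid();
    mkdir($base, 0700);
    $copyTarget = $base . '/passwd.copy';

    // open_basedir can be tightened at run time but not loosened again,
    // so the restriction stays in force for the rest of this process.
    if (ini_set('open_basedir', $base) === false) {
        rmdir($base);
        throw new RuntimeException('could not set open_basedir');
    }

    // Each probe returns false when PHP refuses the access.
    $probes = [
        'fopen'             => fn() => @fopen($outside, 'r'),
        'file'              => fn() => @file($outside),
        'file_get_contents' => fn() => @file_get_contents($outside),
        'file_exists'       => fn() => @file_exists($outside),
        'copy'              => fn() => @copy($outside, $copyTarget),
    ];

    $results = [];
    foreach ($probes as $name => $probe) {
        $value = $probe();
        $results[$name] = ($value !== false);   // true = restriction bypassed
        if (is_resource($value)) {
            fclose($value);
        }
    }

    // Clean up; both paths are inside the permitted tree.
    if (file_exists($copyTarget)) {
        unlink($copyTarget);
    }
    rmdir($base);
    return $results;
}

$results = probe_open_basedir('/etc/passwd');
foreach ($results as $name => $bypassed) {
    printf("%-18s %s\n", $name, $bypassed ? 'BYPASSED open_basedir' : 'blocked');
}
exit(in_array(true, $results, true) ? 1 : 0);
```

A build that enforces the restriction uniformly reports "blocked" on every line and exits 0; any "BYPASSED" line marks a function with the inconsistency the report describes for copy().
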


