ID: 1713
Updated by: jimw
Status: Open
Bug Type: Feature/Change Request
Assigned To: 

refiled against 4.0. (this may be addressed by the basedir stuff, but i'm not sure.)

Previous Comments:

[1999-07-19 08:09:13] [EMAIL PROTECTED]
It's occurs only if the php source has the same user Id of the copy from file. 

For security purposes I think that some directive like work_basedir 
can be added in future versions to prevent mistakes that open the 
server filesystem root or the user local dirs. 


[1999-07-14 12:54:08] [EMAIL PROTECTED]
This problem was tested in two system´s

Linux 2.2.9 with php3.0.11  running as module of apache 1.3.6
Linux 2.2.10 with php3.0.7 running as module of apache 1.3.6

Php3.ini config

open_basedir= Some path in htdocs tree
DocRoot=Dir of Apache root html files. 

DocumentRoot=Apache Root of htdocs 

It is possible to create a .php3 page that can copy files outside de DocRoot Tree :  

<? copy("/etc/passwd","passwd.copy") ?>    =>  WORKS


<? fopen("/etc/passwd","R") ?>       =>  FAIL becaus the open_basedir assignment.

In Security section of Manual, says that Security in php3 instaled with modules is 
Security. In apache is impossible to httpd server with out a external script see files
above of DocumentRoot Directive 

I want to  know if its a config  problem of my PHP3 + Apache installations or if it´s 
a BUG. 

I also want to know if there are other functions with this problem/caracteristics. 

I Saw in lists some problems like this, but they are in Windows NT OS. The answers
to this problems are uncomplete and focus that NT is a insecure and with a lot
of problems OS. But I can reproduce a similar  problem in LINUX OS.

Congratulations and keep doing the good work.

Gomes, Marcio 


ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to