ID: 7744
Updated by: jason
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Old-Bug Type: Scripting Engine problem
Bug Type: *General Issues
Operating system: 
PHP Version: 4.0.3pl1
Assigned To: 
Comments:

Try a later version of php and reopen if still an issue.

Previous Comments:
---------------------------------------------------------------------------

[2000-12-08 11:11:50] [EMAIL PROTECTED]

On Solaris, safe mode only works if either the PHP script to be parsed or the
directory it is in is owned by numerical uid 1 (note: this is neither the uid of the
person writing the script nor the httpd uid). This is not the definition of safe
mode...

Trying to narrow the problem down:

In safe_mode.c the function php_checkuid demands two uids to match:

uid = php_getuid() should be the PHP file currently parsed (but is always "1" on a
Solaris system)
duid = sb.st_uid is the file to be included (correct value)

It seems that php_getuid() is broken on Solaris, always returning "1". Unfortunately
now safe mode is unusable because all scripts and included files have to be readable
by the http uid (e.g. world), writable by the script developer (e.g. group) and the
owner must be uid "1" (daemon, bin, or whatever uid "1" is).

Note that this is even when a simple file is parsed where no other file is included 
(require()).

Testdrive 1
-----------
plain php file is parsed /www/php/test.php, owner 1331, group httpd
   <HTML><BODY>
   <?php echo phpinfo(); ?>
   </BODY></HTML>
Warning: SAFE MODE Restriction in effect. The script whose uid is 1 is not allowed to 
access /www/php/test.php owned by uid 1331 in Unknown on line 0
Warning: Failed opening '/www/php/test.php' for inclusion (include_path='.') in 
Unknown on line 0

To make it work, I must
chown 1 /www/php
or
chown 1 /www/php/test.php
which is not useful because the script uid should be the one of the owner of the file.
Seems that "parsing a php file in safe mode" is defined as "including the file into 
itself in safe mode" and the initial values are not correct but default to "1".

Testdrive 2
-----------
php file is parsed /www/php/test.php, owner now uid 1 (unfortunately), group httpd
   <HTML><BODY>
   <?require ("/www/php/somefile.inc"); ?>
   </BODY></HTML>
Warning: SAFE MODE Restriction in effect. The script whose uid is 1 is not allowed to 
access /www/php/include/somefile.inc owned by uid 1331 in /www/php/test.php on line 2
Fatal error: Failed opening required '/www/php/somefile.inc' (include_path='.') in 
/www/php/test.php on line 2

The base problem seems that when a php file is parsed in safe mode, it has to be uid 1 
or in a directory owned by uid 1 which is not desired...




---------------------------------------------------------------------------

[2000-11-10 05:54:27] [EMAIL PROTECTED]

In safe mode, the PHP script uid seems to default to 1 instead of the httpd uid (taken
from the Apache httpd process).

case 1)
no safe mode: apache runs as http uid 11101 and a php script readable by uid 11101 can 
be accessed and is parsed - fine.

case 2)
now safe mode is enabled and a php script owned by uid 11101 or in a directory owned 
by 11101 is read but not parsed. Message is "Warning: SAFE MODE Restriction in effect. 
The script whose uid is 1 is not allowed to access /path/script.php3 owned by uid 
11101 in Unknown on line 0."

I am sure that apache does not run with uid 1 but with uid 11101 because scripts 
readable by uid 1 but not 11101 are not even found by apache (403 forbidden).

Where does the php script uid 1 come from?

The only way to get PHP 4 and safe mode working now is to have the directory or file
owned by uid 1, which is neither Apache's uid nor the user's uid - I can't imagine this
is intentional?




---------------------------------------------------------------------------
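
Added example (not part of the report, and not PHP's safe_mode.c): a small C model of the owner comparison the comments above describe, where the file or its directory must be owned by the script uid. The names owner_check and explain are hypothetical; running it with uid 1 and then with the real owner of a file shows which value satisfies the check.

```c
/* Model of the owner comparison described in the report.
 * Not PHP source; function names are hypothetical. */
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Return 1 if `path` or its parent directory is owned by script_uid,
 * 0 if neither is, -1 if the file or directory cannot be stat()ed. */
int owner_check(uid_t script_uid, const char *path)
{
    struct stat sb;
    char buf[4096];

    if (stat(path, &sb) != 0)
        return -1;
    if (sb.st_uid == script_uid)        /* duid == uid: file owner matches */
        return 1;

    /* Fall back to the owner of the containing directory. */
    if (strlen(path) >= sizeof(buf))
        return -1;
    strcpy(buf, path);                  /* dirname() may modify its argument */
    if (stat(dirname(buf), &sb) != 0)
        return -1;
    return sb.st_uid == script_uid;
}

/* Print a line worded like the warning quoted in the report on failure. */
int explain(uid_t script_uid, const char *path)
{
    int ok = owner_check(script_uid, path);
    struct stat sb;
    if (ok == 0 && stat(path, &sb) == 0)
        printf("script uid %ld may not access %s owned by uid %ld\n",
               (long)script_uid, path, (long)sb.st_uid);
    return ok;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <script-uid> <path>\n", argv[0]);
        return 2;
    }
    return explain((uid_t)strtoul(argv[1], NULL, 10), argv[2]) == 1 ? 0 : 1;
}
```
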



ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=7744&edit=2

