ID: 12121
Updated by: jflemer
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: *Directory/Filesystem functions
Operating System: OpenBSD 2.7
PHP Version: 4.0.6
New Comment:

[ in ext/standard/dir.c:274 ]

I think that php_checkuid() should be called with CHECKUID_ALLOW_ONLY_FILE (which does not exist yet) instead of CHECKUID_ALLOW_ONLY_DIR. Meaning -- if the passed "filename" does not meet the UID/GID test, it should *not* try stripping the last element and trying again.

I am working on bug #12119, which is (sort of) related.

Previous Comments:
------------------------------------------------------------------------

[2001-07-12 20:39:03] [EMAIL PROTECTED]

PHP with safe_mode activated.
./configure --enable-safe-mode \
    --with-apache=../apache-1.3.19

Default php.ini except safe_mode on.

Context:
--------
The following script is /home/fred/chdir.php

/home/fred/chdir.php is 3654/3654 (fred/fred)
/home/fred is 3654/3654 (fred/fred) mode 755
/home is 0/0 (root/wheel) mode 755

httpd runs as www. As PHP is an Apache module, PHP scripts are running as www too.

Script (output follows)
------
<?
print "current directory" . getcwd() . "<br><br>";
$l = array (".", "/home/fred/", "/home/fred/.",
            "/home/fred/./../", "/home/fred/./", "/home/");
foreach ($l as $wd) {
    if (chdir ("$wd")) {
        print "chdir($wd) OK <br>";
    } else {
        print "chdir($wd) error <br>";
    }
    print "current directory " . getcwd() . "<br><br>";
}
?>

Output
-----
current directory/home/fred

chdir(.) OK
current directory /home/fred

Warning: SAFE MODE Restriction in effect. The script whose uid is 3564 is not allowed to access /home/fred owned by uid 0 in /home/fred/chdir.php on line 7
chdir(/home/fred/) error
current directory /home/fred

chdir(/home/fred/.) OK
current directory /home/fred

chdir(/home/fred/./../) OK
current directory /home

chdir(/home/fred/./) OK
current directory /home/fred

Warning: Unable to access /home in /home/fred/chdir.php on line 7
chdir(/home/) error
current directory /home/fred

------------------------------------------------------------------------

Edit this bug report at http://bugs.php.net/?id=12121&edit=1

--
PHP Development Mailing List <http://www.php.net/>
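
The following is an added example, not part of the bug report and not PHP's own code. It models the report's directory layout in Python and compares a check that tests only the path with its last element stripped (an assumption inferred from the output above, not taken from ext/standard) against a check on the directory actually entered, as the comment proposes. All function names and the ownership table are constructed for illustration.

```python
import posixpath

# Constructed model of the layout in the report: directory -> owner uid.
OWNERS = {"/": 0, "/home": 0, "/home/fred": 3654}
SCRIPT_UID = 3654          # owner of /home/fred/chdir.php per the report
CWD = "/home/fred"
PATHS = [".", "/home/fred/", "/home/fred/.", "/home/fred/./../",
         "/home/fred/./", "/home/"]

def owner_of(path):
    """Owner of the directory a path resolves to, or None if it cannot be stat'd."""
    if not path:
        return None
    return OWNERS.get(posixpath.normpath(posixpath.join(CWD, path)))

def check_parent(path):
    """Assumed model: drop trailing slashes, strip the last element, test what is left."""
    trimmed = path.rstrip("/")
    parent = trimmed.rsplit("/", 1)[0] if "/" in trimmed else CWD
    return owner_of(parent) == SCRIPT_UID

def check_target(path):
    """Test the directory actually being entered, with no fallback to its parent."""
    return owner_of(path) == SCRIPT_UID

def compare():
    """Return (path, resolved target, parent-model verdict, target-model verdict)."""
    rows = []
    for p in PATHS:
        target = posixpath.normpath(posixpath.join(CWD, p))
        rows.append((p, target, check_parent(p), check_target(p)))
    return rows

if __name__ == "__main__":
    for p, target, by_parent, by_target in compare():
        flag = "" if by_parent == by_target else "  <-- verdicts differ"
        print(f"{p:18} -> {target:11} parent={by_parent!s:5} "
              f"target={by_target!s:5}{flag}")
```

The parent-stripping model reproduces the OK/error pattern in the reported output; the two verdicts differ only for /home/fred/ (refused although owned by the script's uid) and /home/fred/./../ (allowed although it resolves to root-owned /home).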