ID: 12121
Updated by: jflemer
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Closed
Bug Type: *Directory/Filesystem functions
Operating System: OpenBSD 2.7
PHP Version: 4.0.6
Old Assigned To:
Assigned To: jflemer
New Comment:
o Fixed Bug #12121: chdir and safe_mode
  - [ ext/standard/dir.c ] changed php_checkuid() to use
    CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
  - [ main/safe_mode.h ] added new checkuid mode:
    CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
    fails
  - [ main/safe_mode.c ] added code for new checkuid mode
Previous Comments:
------------------------------------------------------------------------
[2001-07-12 21:23:11] [EMAIL PROTECTED]
[ in ext/standard/dir.c:274 ]
I think that php_checkuid() should be called with CHECKUID_ALLOW_ONLY_FILE (which does
not exist yet) instead of CHECKUID_ALLOW_ONLY_DIR. Meaning -- if the passed "filename"
does not meet UID/GID test, it should *not* try stripping the last element and trying
again.
I am working on bug #12119, which is (sort of) related.
------------------------------------------------------------------------
[2001-07-12 20:39:03] [EMAIL PROTECTED]
php with safe_mode activated.
./configure --enable-safe-mode \
--with-apache=../apache-1.3.19
Default php.ini except safe_mode on.
Context:
--------
following script is /home/fred/chdir.php
/home/fred/chdir.php is 3654/3654 (fred/fred)
/home/fred is 3654/3654 (fred/fred) mode 755
/home is 0/0 (root/wheel) mode 755
httpd runs as www. As php is an apache module,
php scripts are running as www too.
Script (output follows)
------
<?
print "current directory" . getcwd() . "<br><br>";
$l = array (".", "/home/fred/", "/home/fred/.",
            "/home/fred/./../", "/home/fred/./", "/home/");
foreach ($l as $wd) {
    if (chdir ("$wd")) {
        print "chdir($wd) OK <br>";
    }
    else {
        print "chdir($wd) error <br>";
    }
    print "current directory " . getcwd() . "<br><br>";
}
?>
Output
------
current directory/home/fred
chdir(.) OK
current directory /home/fred
Warning: SAFE MODE Restriction in effect. The script whose uid is 3564 is not allowed
to access /home/fred owned by uid 0 in /home/fred/chdir.php
on line 7
chdir(/home/fred/) error
current directory /home/fred
chdir(/home/fred/.) OK
current directory /home/fred
chdir(/home/fred/./../) OK
current directory /home
chdir(/home/fred/./) OK
current directory /home/fred
Warning: Unable to access /home in /home/fred/chdir.php on line 7
chdir(/home/) error
current directory /home/fred
------------------------------------------------------------------------
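Added example (not part of the original report and not PHP source): a simplified C model of the owner check described in the 2001-07-12 21:23:11 comment, showing why falling back to the path with its last element stripped accepts "/home/fred/./../" while a file-only check rejects it. The owner table, the model_checkuid() name, the MODEL_* constants and the trailing-slash trimming are assumptions made for the illustration; it models only the fallback step, not every line of the output above.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not PHP source. The two modes stand in for the
   CHECKUID_ALLOW_ONLY_DIR / CHECKUID_ALLOW_ONLY_FILE modes named in the report. */
enum { MODEL_ALLOW_ONLY_DIR, MODEL_ALLOW_ONLY_FILE };

/* Constructed owner table standing in for stat(): path as passed -> uid of the
   object it resolves to (layout taken from the report's "Context" section). */
static const struct { const char *path; int uid; } owners[] = {
    { "/home",           0    },
    { "/home/fred",      3654 },
    { "/home/fred/.",    3654 },
    { "/home/fred/./..", 0    },   /* resolves to /home, owned by root */
};

static int owner_of(const char *path) {
    for (size_t i = 0; i < sizeof owners / sizeof owners[0]; i++)
        if (strcmp(owners[i].path, path) == 0) return owners[i].uid;
    return -1;                     /* unknown path: never matches a script uid */
}

/* Returns 1 if the model allows access for script_uid, 0 otherwise. */
int model_checkuid(const char *name, int script_uid, int mode) {
    char buf[256];
    size_t n = strlen(name);
    if (n == 0 || n >= sizeof buf) return 0;
    memcpy(buf, name, n + 1);
    while (n > 1 && buf[n - 1] == '/') buf[--n] = '\0';  /* assumption: trim trailing '/' */

    if (owner_of(buf) == script_uid) return 1;    /* check on the target itself */
    if (mode == MODEL_ALLOW_ONLY_FILE) return 0;  /* file-only mode: no fallback */

    char *slash = strrchr(buf, '/');              /* strip the last element */
    if (slash == NULL) return 0;
    if (slash == buf) slash[1] = '\0'; else *slash = '\0';
    /* This is the textual parent, not the parent of the directory the path
       resolves to, so ".." at the end is vouched for by the wrong directory. */
    return owner_of(buf) == script_uid;
}

int main(void) {
    const char *p = "/home/fred/./../";           /* path from the report's script */
    printf("fallback to dir: %d\n", model_checkuid(p, 3654, MODEL_ALLOW_ONLY_DIR));
    printf("file check only: %d\n", model_checkuid(p, 3654, MODEL_ALLOW_ONLY_FILE));
    return 0;
}
```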