ID: 12121
Updated by: jflemer
Old Status: Open
Status: Closed
Bug Type: *Directory/Filesystem functions
Operating System: OpenBSD 2.7
PHP Version: 4.0.6
Old Assigned To: 
Assigned To: jflemer
New Comment:

o Fixed Bug #12121: chdir and safe_mode
  - [ ext/standard/dir.c ] changed php_checkuid() to use

  - [ main/safe_mode.h ] added new checkuid mode:
    CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check

  - [ main/safe_mode.c ] added code for new checkuid mode

Previous Comments:

[2001-07-12 21:23:11] [EMAIL PROTECTED]

[ in ext/standard/dir.c:274 ]
I think that php_checkuid() should be called with CHECKUID_ALLOW_ONLY_FILE (whcih does 
not exist yet) instead of CHECKUID_ALLOW_ONLY_DIR. Meaning -- if the passed "filename" 
does not meet UID/GID test, it should *not* try stripping the last element and trying 

I am working on bug #12119, which is (sort of) related.


[2001-07-12 20:39:03] [EMAIL PROTECTED]

php with safe_mode actived.

./configure --enable-safe-mode \

Default php.ini except safe_mode on.

  following script is /home/fred/chdir.php
  /home/fred/chdir.php is 3654/3654 (fred/fred)
  /home/fred is 3654/3654 (fred/fred) mode 755
  /home is 0/0 (root/wheel) mode 755
  httpd runs as www. As php is an apache module,
  php scripts are running as www too.

Script (output follows)


print "current directory" . getcwd() . "<br><br>";

$l = array (".", "/home/fred/", "/home/fred/.",
"/home/fred/./../", "/home/fred/./", "/home/");
foreach ($l as $wd) {                                               
        if (chdir ("$wd")) {
                print "chdir($wd) OK  <br>";
        else {
                print "chdir($wd) error <br>";
        print "current directory " . getcwd() . "<br><br>";


current directory/home/fred

chdir(.) OK 
current directory /home/fred

Warning: SAFE MODE Restriction in effect. The script whose uid is 3564 is not allowed 
to access /home/fred owned by uid 0 in /home/fred/chdir.php
on line 7
chdir(/home/fred/) error 
current directory /home/fred

chdir(/home/fred/.) OK 
current directory /home/fred

chdir(/home/fred/./../) OK 
current directory /home

chdir(/home/fred/./) OK 
current directory /home/fred

Warning: Unable to access /home in /home/fred/chdir.php on line 7
chdir(/home/) error 
current directory /home/fred


Edit this bug report at

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to