ID: 13060
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Closed
Bug Type: *Configuration Issues
Operating System: Linux
PHP Version: 4.0.6
New Comment:
Can not reproduce with PHP 4.1.0 RC1
--Jani
Previous Comments:
------------------------------------------------------------------------
[2001-08-30 11:03:15] [EMAIL PROTECTED]
When I turn off allow_url_fopen in php.ini the safe_mode UID check seems to be
disabled.
With "allow_url_fopen = on" an include("/etc/passwd") returns the following error:
"The script whose uid is 10000 is not allowed to access /etc/passwd owned by uid 0"
after I've changed the settings to "allow_url_fopen = off" the inclusion works fine,
so there is no way to prevent customers from including external files and local system
files.
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=13060&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
