Hi!
I patched safe_mode.c to compare the uid of files not only to the uid of
the php-script but also to the uid of the process itself. This allows
php-scripts to handle files created by themselves or by the webserver (in
my case: apache), for example uploaded files.
i wasn't able to delete or move uploaded files when safe_mode-Restrictions
were in affect.
Sorry for my stupid english :-)
$ diff --unified php-4.1.1/main/safe_mode.c php-4.1.1-rt1/main/safe_mode.c
--- php-4.1.1/main/safe_mode.c Sun Aug 5 03:42:44 2001
+++ php-4.1.1-rt1/main/safe_mode.c Fri Jan 11 11:05:29 2002
@@ -89,7 +89,7 @@
} else {
uid = sb.st_uid;
gid = sb.st_gid;
- if (uid == php_getuid()) {
+ if (uid == php_getuid() || uid == getuid()) {
return 1;
} else if (PG(safe_mode_gid) && gid ==
php_getgid()) {
return 1;
@@ -121,7 +121,7 @@
}
duid = sb.st_uid;
dgid = sb.st_gid;
- if (duid == php_getuid()) {
+ if (duid == php_getuid() || duid == getuid()) {
return 1;
} else if (PG(safe_mode_gid) && dgid == php_getgid()) {
return 1;
A php.ini-Directive to change this bevavior would be nice.
cu, Roland Tapken
--
<========{ [EMAIL PROTECTED] }========>
/"\
\ / ASCII ribbon campaign
X against HTML mail
/ \ and postings
<========={ ICQ#: 18715473 }=========>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
