ID: 15018
Comment by: [EMAIL PROTECTED]
Old Reported By: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Feature/Change Request
Operating System: Debian Linux
PHP Version: 4.1.0
New Comment:
Danielsan is right... i have had a short look into the sourcecode
(ext/standard/dir.c) and compared chdir-function with
opendir-function.
In PHP_FUNCTION(chdir) i found this three-liner which seems to be a
safe_mode-Check:
-------------------------
if (PG(safe_mode) && !php_checkuid((*arg)->value.str.val, NULL,
CHECKUI$
RETURN_FALSE;
}
-------------------------
PHP_FUNCTION(opendir) (or _php_do_opendir() to which this function
refers) does not have such a check, just a short open_basedir-Check.
Oh, btw, it seems for me that chdir doesn't do a open_basedir-Check but
i may be wrong.
cu, Roland
PS: All what i said is just 'imho' and 'afaik' because i do not have
many expiences with C!
Previous Comments:
------------------------------------------------------------------------
[2002-01-14 08:55:06] [EMAIL PROTECTED]
i did not test it, but 'looking at the source code' (TM)
seems you need to use open_basedir to limit opendir()
directory range.
------------------------------------------------------------------------
[2002-01-14 08:25:55] [EMAIL PROTECTED]
On the same system (=same configuration) chdir() IS limited by
safe_mode, opendir() are readdir() are NOT.
This is either a bug, or if it isn't, I'll make it a feature request.
Either way, it should be fixed, I think.
Kind Regards,
Daniel Lorch
------------------------------------------------------------------------
[2002-01-13 15:31:47] [EMAIL PROTECTED]
Sorry for the bogus.
Would you care to elaborate? I seem to be misunderstanding something. I
just don't understand why - with the same configuration - chdir() cares
about the UID, and opendir/readdir don't. chdir raises a "SAFE MODE
Restriction in effect" whereas readdir() and opendir() let me browse
through all directories where I have apache allowed to.
Thanks for your help.
Kind Regards,
Daniel Lorch
------------------------------------------------------------------------
[2002-01-13 14:50:47] [EMAIL PROTECTED]
Like I mentioned on the mailing list, opendir() is the function that
would be relevant here. It is analogous to saying that mysql_query()
should block you from accessing data in a database as opposed to this
access restriction being placed on the mysql_connect() call. If the
perms on the dir are such that opendir() can read the directory under
safe-mode, then readdir() is going to give you a list of the files in
that dir.
Whether you can actually open and read those individual files
themselves is of course another issue and any such access would be
subject to a safe-mode check. But an individual readdir() call does
not have any safe-mode implications.
------------------------------------------------------------------------
[2002-01-13 14:43:21] [EMAIL PROTECTED]
I hope this is not just a configuration problem. We have safe_mode
turned on and all file-system functions ARE limited by safe_mode - only
readdir() doesn't seem to be. Would anyone mind to have a look at this?
I have provided a sample script so it shouldn't take long to test it
with your configuration:
----------------------------------
<?php
function list_dir($dir) {
$h = @opendir($dir);
if(!$h)
return false;
while($e = readdir($h)) {
$p = $dir . '/' . $e;
if($p != '.' && $p != '..')
if(is_dir($p))
echo '[DIR] ', $e, "<br>\n";
else
echo $e, "<br>\n";
}
closedir($h);
}
list_dir($QUERY_STRING);
?>
----------------------------------
just save this file as for example "dir.php" and run with
dir.php?/home/customer/
to list contents. I looked at the release announcement of 4.1.1 and
there was no description of this bug:
http://www.php.net/release_4_1_1.php
I also looked through the existing bug database and found nothing about
it. Excuse me if it's a dupe or even a bogus.
Kind Regards,
Daniel Lorch
http://daniel.lorch.cc/
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=15018&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
