Hi,
help is always appreciated. Without taking a closer look, is
this the only function which should be 'guarded' or are there
others within the ext/posix extensions?
- Markus
On Thu, Apr 25, 2002 at 04:30:06AM -0000, [EMAIL PROTECTED] wrote :
> ID: 16733
> Updated by: [EMAIL PROTECTED]
> Reported By: [EMAIL PROTECTED]
> Status: Analyzed
> Bug Type: POSIX related
> Operating System: Unix
> PHP Version: 4.2.0
> New Comment:
>
> I think that it shouldn't take too long to add the following checks,
> maybe I can try helping if you are all busy:
>
> - in case safe_mode is on and script doesn't run as root, then disallow
> the posix_get* functions.
>
> - in case open_basedir restricts access to /etc then the posix_get*
> functions should not be working either.
>
>
> Previous Comments:
> ------------------------------------------------------------------------
>
> [2002-04-23 18:25:41] [EMAIL PROTECTED]
>
> reclassified
>
> ------------------------------------------------------------------------
>
> [2002-04-23 17:45:25] [EMAIL PROTECTED]
>
> No, the extensions that work only with cli are: pcntl, ncurses and
> readline.
>
> ------------------------------------------------------------------------
>
> [2002-04-22 13:00:49] [EMAIL PROTECTED]
>
> Hmm. I was under the impression ext/posix is disabled in non-cli SAPIs.
>
> Checking this out.
>
> ------------------------------------------------------------------------
>
> [2002-04-22 12:53:42] [EMAIL PROTECTED]
>
> I noticed that many of the posix_* functions DO NOT check whether
> safe_mode or open_basedir restrict access to the user database thus
> allowing a user to rebuild a complete /etc/passwd without permissions
> to read /etc/passwd or access the /etc directory.
>
> This is dangerous in some cases where logins are kept secret as it
> allows a user to know what accounts have what privileges and what
> accounts have access to a shell or not.
> For now there is only one thing to do, disable these functions but I'm
> pretty sure that adding checks to see values of safe_mode and/or
> open_basedir would be a nice thing to do.
>
> Here's a script that rebuilds /etc/passwd when safe_mode is enabled and
> open_basedir is set to the user home directory:
>
> <?
> for ($i = 0; $i < 60000; $i++)
> {
>     if (($tab = @posix_getpwuid($i)) != NULL)
>     {
>         echo $tab['name'].":";
>         echo $tab['passwd'].":";
>         echo $tab['uid'].":";
>         echo $tab['gid'].":";
>         echo $tab['gecos'].":";
>         echo $tab['dir'].":";
>         echo $tab['shell']."<br>";
>     }
> }
> ?>
>
> On a very large system, if an execution time is set, this will not end
> up, but hopefully the posix_getpwent() function is missing so the user
> has to go through all possible uid's.
>
> ------------------------------------------------------------------------
--
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
"Mind if I MFH ?" "What QA did you do on it?" "the usual?" "ah... none :)"
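
The two checks proposed in the quoted bug comment, modelled as a standalone C decision function (an added example, not code from the PHP source tree or from anyone in this thread). The function names, the hard-coded `/etc/passwd` path and the directory-boundary matching of open_basedir entries are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: true if `path` lies under one of the colon-separated
 * directories in `basedir`. NULL or empty means "no restriction configured". */
static bool basedir_allows(const char *basedir, const char *path)
{
    if (basedir == NULL || *basedir == '\0')
        return true;
    const char *p = basedir;
    while (*p) {
        size_t len = strcspn(p, ":");
        /* Ignore one trailing slash so "/etc/" and "/etc" behave the same. */
        size_t n = (len > 1 && p[len - 1] == '/') ? len - 1 : len;
        /* Match only on a directory boundary: "/et" must not allow "/etc". */
        if (n > 0 && strncmp(path, p, n) == 0 &&
            (n == 1 || path[n] == '/' || path[n] == '\0'))
            return true;
        p += len;
        if (*p == ':')
            p++;
    }
    return false;
}

/* Hypothetical guard run before any posix_get*-style user database lookup. */
static bool posix_get_allowed(bool safe_mode, uid_t euid, const char *open_basedir)
{
    if (safe_mode && euid != 0)
        return false;   /* check 1: safe_mode on and not running as root */
    if (!basedir_allows(open_basedir, "/etc/passwd"))
        return false;   /* check 2: open_basedir does not cover /etc */
    return true;
}

int main(void)
{
    /* Constructed inputs; the first is the reporter's configuration. */
    printf("safe_mode + home basedir: %d\n", posix_get_allowed(true, 1000, "/home/user"));
    printf("basedir only, home:       %d\n", posix_get_allowed(false, 1000, "/home/user"));
    printf("basedir includes /etc:    %d\n", posix_get_allowed(false, 1000, "/home/user:/etc"));
    printf("no restrictions:          %d\n", posix_get_allowed(false, 1000, NULL));
    return 0;
}
```
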