We can check it at the ini handler level.
We can either forbid modifying error_log from userspace (denying
PHP_INI_USER), deny it only in safe mode, or even apply the safe mode
restriction at that level.
At 00:25 13/05/2002, Rasmus Lerdorf wrote:
>Not quite sure how to fix this one. It's not like we can simply check
>before we open the error_log file in general, because that might be set
>by the server admin, it is only if the user tries to redefine where this
>error logfile should be that we want to apply the safe-mode restriction.
>Even if we try to do everything in the VCWD stuff in 4.3 we will have to
>keep some sort of state that tells us who provided the error
>logfile pathname.
>
>-Rasmus
>
>On 12 May 2002 [EMAIL PROTECTED] wrote:
>
> > From: [EMAIL PROTECTED]
> > Operating system: Linux 2.4.18
> > PHP version: 4.2.0
> > PHP Bug Type: Scripting Engine problem
> > Bug description: error_log can be used to bypass safe_mode
> >
> > By doing ini_set('error_log', 'any_path'); the user can append data to any
> > file writeable by the webserver.
> > --
> > Edit bug report at http://bugs.php.net/?id=17168&edit=1
> >
>
>
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, visit: http://www.php.net/unsub.php
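
The handler-level check proposed at the top of this thread, sketched as an added example (a self-contained model, not PHP source code): the stage passed to the modify handler is the state that records who supplied the pathname, and the three policies are the three options named in the reply. All type and function names, the paths, and the directory-prefix stand-in for the safe mode check are assumptions made for illustration.

```c
#include <string.h>

/* Who supplied the value: php.ini / server config, or a script via ini_set(). */
enum ini_stage { STAGE_STARTUP, STAGE_RUNTIME };

/* The three options from the reply (hypothetical names). */
enum policy {
    DENY_USER,              /* never changeable from a script */
    DENY_USER_IN_SAFE_MODE, /* script changes refused only when safe mode is on */
    CHECK_IN_SAFE_MODE      /* script changes go through the safe mode check */
};

struct ini_state {
    int safe_mode;
    const char *script_dir; /* assumption: stand-in for safe mode's owner check */
    char error_log[256];
};

/* Simplified stand-in for the safe mode check: the path must sit under
   script_dir and contain no ".." sequence. Real safe mode compares owner UIDs. */
static int safe_mode_allows(const struct ini_state *st, const char *path)
{
    size_t n = strlen(st->script_dir);
    if (strstr(path, "..") != NULL) return 0;
    return strncmp(path, st->script_dir, n) == 0 && path[n] == '/';
}

/* Modify handler for error_log: 0 = accepted, -1 = refused (value unchanged). */
int update_error_log(struct ini_state *st, enum policy p,
                     enum ini_stage stage, const char *value)
{
    if (strlen(value) >= sizeof st->error_log) return -1;
    if (stage == STAGE_RUNTIME) {   /* only script-supplied values are restricted */
        if (p == DENY_USER) return -1;
        if (st->safe_mode && p == DENY_USER_IN_SAFE_MODE) return -1;
        if (st->safe_mode && !safe_mode_allows(st, value)) return -1;
    }
    strcpy(st->error_log, value);   /* admin-supplied values always land here */
    return 0;
}

int main(void)
{
    /* Constructed sample: safe mode on, script tries to log outside its directory. */
    struct ini_state st = { 1, "/home/alice", "/var/log/php_errors.log" };
    return update_error_log(&st, CHECK_IN_SAFE_MODE, STAGE_RUNTIME,
                            "/home/bob/x.log") != -1;   /* exit 0 when refused */
}
```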