Right, but it would seem like we need a bit of a general purpose check on
ini_set() from userspace.  There are probably other directives that we may
not want to allow or at least want to check from safe_mode.  But yes,
that's the code I was looking at.  I think we should apply the safe-mode
restriction on the argument in the ini handler.

-R

On Mon, 13 May 2002, Zeev Suraski wrote:

> We can check it at the ini handler level.
>
> We can either forbid modifying error_log from userspace (denying
> PHP_INI_USER),  deny it only in safe mode, or even apply the safe mode
> restriction at that level.
>
> At 00:25 13/05/2002, Rasmus Lerdorf wrote:
> >Not quite sure how to fix this one.  It's not like we can simply check
> >before we open the error_log file in general, because that might be set
> >by the server admin, it is only if the user tries to redefine where this
> >error logfile should be that we want to apply the safe-mode restriction.
> >Even if we try to do everything in the VCWD stuff in 4.3 we will have to
> >keep some sort of state that tells us who provided the error
> >logfile pathname
> >
> >-Rasmus
> >
> >On 12 May 2002 [EMAIL PROTECTED] wrote:
> >
> > > From:             [EMAIL PROTECTED]
> > > Operating system: Linux 2.4.18
> > > PHP version:      4.2.0
> > > PHP Bug Type:     Scripting Engine problem
> > > Bug description:  error_log can be used to bypass safe_mode
> > >
> > > By doing ini_set('error_log', 'any_path'); the user can append data to any
> > > file writeable by the webserver.
> > > --
> > > Edit bug report at http://bugs.php.net/?id=17168&edit=1
> > >
> >
> >
> >--
> >PHP Development Mailing List <http://www.php.net/>
> >To unsubscribe, visit: http://www.php.net/unsub.php
>


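The thread settles on applying the safe-mode restriction inside the ini handler, and only to values that come from userspace, since an admin may legitimately point error_log anywhere in php.ini. The following is an added example, not PHP's code and not from anyone in the thread: a self-contained C model of such a handler. All names (`on_update_error_log`, `runtime_cfg`, `STAGE_STARTUP`/`STAGE_RUNTIME`, `owner_lookup_fn`) are hypothetical, and the owner table it consults is a constructed stand-in for a filesystem so it runs offline; `stat_owner` shows the real lookup. It goes slightly beyond the thread by also handling a log file that does not exist yet, which is the usual case since the log is created on first write: the check then falls back to the owner of the parent directory.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Added example (not PHP's code): where an ini handler can apply the
 * safe-mode owner check so that only userspace ini_set() is restricted. */

enum ini_stage { STAGE_STARTUP = 0, STAGE_RUNTIME = 1 };

typedef struct {
    int safe_mode;          /* safe_mode directive on/off */
    uid_t script_uid;       /* owner of the executing script */
    char error_log[256];    /* current value of the error_log directive */
} runtime_cfg;

/* Owner lookup is injected so the example runs without touching real files. */
typedef int (*owner_lookup_fn)(const char *path, uid_t *owner);

/* Real lookup: stat() the path. Returns 0 on success, -1 if it does not exist. */
int stat_owner(const char *path, uid_t *owner) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    *owner = st.st_uid;
    return 0;
}

/* Constructed table standing in for a filesystem (hypothetical paths/uids). */
static const struct { const char *path; uid_t owner; } demo_fs[] = {
    { "/var/log/php_errors.log",          33 },  /* web server account */
    { "/home/alice/public_html",        1000 },  /* alice's docroot (directory) */
    { "/home/alice/public_html/err.log", 1000 },
    { "/etc/passwd",                       0 },
};

int demo_owner(const char *path, uid_t *owner) {
    size_t i;
    for (i = 0; i < sizeof demo_fs / sizeof demo_fs[0]; i++) {
        if (strcmp(demo_fs[i].path, path) == 0) { *owner = demo_fs[i].owner; return 0; }
    }
    return -1;
}

/* Owner of the file, or of its parent directory when the file does not exist
 * yet (the log is created on first write). Returns -1 if neither resolves. */
static int target_owner(const char *path, owner_lookup_fn lookup, uid_t *owner) {
    char dir[256];
    const char *slash;
    if (lookup(path, owner) == 0) return 0;
    slash = strrchr(path, '/');
    if (slash == NULL || slash == path) return -1;
    if ((size_t)(slash - path) >= sizeof dir) return -1;
    memcpy(dir, path, (size_t)(slash - path));
    dir[slash - path] = '\0';
    return lookup(dir, owner);
}

/* The ini handler: returns 1 if the new value is accepted, 0 if rejected.
 * Startup values (php.ini) are the admin's and are taken as-is; a runtime
 * change under safe_mode must name a file (or directory) the script owner
 * owns. "syslog" is a keyword, not a path, so it is never checked. */
int on_update_error_log(runtime_cfg *cfg, const char *new_value,
                        enum ini_stage stage, owner_lookup_fn lookup) {
    if (new_value == NULL || strlen(new_value) >= sizeof cfg->error_log) return 0;
    if (stage == STAGE_RUNTIME && cfg->safe_mode && strcmp(new_value, "syslog") != 0) {
        uid_t owner;
        if (target_owner(new_value, lookup, &owner) != 0) return 0; /* nothing to compare: deny */
        if (owner != cfg->script_uid) return 0;                      /* safe-mode uid mismatch */
    }
    strcpy(cfg->error_log, new_value);   /* length checked above */
    return 1;
}

int main(void) {
    runtime_cfg cfg = { 1, 1000, "" };   /* safe_mode on, script owned by uid 1000 */
    printf("admin value at startup:   %d\n",
           on_update_error_log(&cfg, "/var/log/php_errors.log", STAGE_STARTUP, demo_owner));
    printf("ini_set to /etc/passwd:   %d\n",
           on_update_error_log(&cfg, "/etc/passwd", STAGE_RUNTIME, demo_owner));
    printf("ini_set to own new log:   %d\n",
           on_update_error_log(&cfg, "/home/alice/public_html/new.log", STAGE_RUNTIME, demo_owner));
    printf("error_log is now:         %s\n", cfg.error_log);
    return 0;
}
```

The decisive detail is the `stage` argument: the same handler runs for php.ini at startup and for `ini_set()` at runtime, and only the latter is the user's choice, which is exactly the state the thread says must be tracked. A rejected update leaves the previous value in place.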
