Right, but it would seem like we need a bit of a general purpose check on ini_set() from userspace. There are probably other directives that we may not want to allow or at least want to check from safe_mode. But yes, that's the code I was looking at. I think we should apply the safe-mode restriction on the argument in the ini handler.
-R

On Mon, 13 May 2002, Zeev Suraski wrote:

> We can check it at the ini handler level.
>
> We can either forbid modifying error_log from userspace (denying
> PHP_INI_USER), deny it only in safe mode, or even apply the safe mode
> restriction at that level.
>
> At 00:25 13/05/2002, Rasmus Lerdorf wrote:
> >Not quite sure how to fix this one. It's not like we can simply check
> >before we open the error_log file in general, because that might be set
> >by the server admin, it is only if the user tries to redefine where this
> >error logfile should be that we want to apply the safe-mode restriction.
> >Even if we try to do everything in the VCWD stuff in 4.3 we will have to
> >keep some sort of state that tells us who provided the error
> >logfile pathname
> >
> >-Rasmus
> >
> >On 12 May 2002 [EMAIL PROTECTED] wrote:
> >
> > > From: [EMAIL PROTECTED]
> > > Operating system: Linux 2.4.18
> > > PHP version: 4.2.0
> > > PHP Bug Type: Scripting Engine problem
> > > Bug description: error_log can be used to bypass safe_mode
> > >
> > > By doing ini_set('error_log', 'any_path'); the user can append data to any
> > > file writeable by the webserver.
> > > --
> > > Edit bug report at http://bugs.php.net/?id=17168&edit=1

--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
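The design the thread converges on, as an added illustration that is not PHP's code and not part of the thread: the check belongs in the ini update handler, keyed on whether the new value comes from the server configuration at startup or from ini_set() at runtime, because the logger that later opens the file no longer knows who chose the path. The restriction itself is modelled here as an open_basedir-style prefix check on a hypothetical `allowed_base` (an assumption standing in for safe_mode's ownership check, which needs a real filesystem); all names and the `ini_stage` split are invented for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Who supplies the value: models the PHP_INI_SYSTEM (php.ini, httpd.conf)
 * versus PHP_INI_USER (ini_set() from a script) distinction. */
enum ini_stage { INI_STAGE_STARTUP, INI_STAGE_RUNTIME };

struct ini_directive {
    char value[256];
};

/* Hypothetical engine state (assumed for this example): the restriction is
 * switched on and confines user-supplied log paths to allowed_base. */
static bool restricted_mode = true;
static const char *allowed_base = "/var/www/";

static struct ini_directive error_log_before_fix = { "" };
static struct ini_directive error_log_directive = { "" };

/* Stand-in for the safe-mode check: the path must live under allowed_base
 * and contain no "..".  Deliberately simple; a real check would
 * canonicalise the path before comparing. */
static bool path_permitted(const char *path)
{
    if (strncmp(path, allowed_base, strlen(allowed_base)) != 0)
        return false;
    if (strstr(path, "..") != NULL)
        return false;
    return true;
}

static bool store_value(struct ini_directive *d, const char *new_value)
{
    if (strlen(new_value) >= sizeof d->value)
        return false;
    strcpy(d->value, new_value);
    return true;
}

/* Before the fix: the handler stores whatever it is given, so a script can
 * point the error log at any file the web server may write. */
static bool on_update_unchecked(struct ini_directive *d, const char *new_value,
                                enum ini_stage stage)
{
    (void)stage;
    return store_value(d, new_value);
}

/* After the fix: the restriction is applied in the handler, and only to
 * runtime (user) updates.  Admin-provided values pass untouched. */
static bool on_update_error_log(struct ini_directive *d, const char *new_value,
                                enum ini_stage stage)
{
    if (stage == INI_STAGE_RUNTIME && restricted_mode && !path_permitted(new_value))
        return false;                 /* ini_set() fails, old value stays */
    return store_value(d, new_value);
}

/* php.ini / httpd.conf as seen from the admin: a startup update. */
bool admin_set_error_log(const char *path)
{
    return on_update_error_log(&error_log_directive, path, INI_STAGE_STARTUP);
}

/* ini_set('error_log', ...) as seen from a script: a runtime update. */
bool ini_set_error_log(const char *path)
{
    return on_update_error_log(&error_log_directive, path, INI_STAGE_RUNTIME);
}

bool ini_set_error_log_before_fix(const char *path)
{
    return on_update_unchecked(&error_log_before_fix, path, INI_STAGE_RUNTIME);
}

const char *current_error_log(void) { return error_log_directive.value; }
const char *current_error_log_before_fix(void) { return error_log_before_fix.value; }

/* The logger cannot apply the check itself: by the time it opens the file
 * it cannot tell whether the admin or the script chose the path. */
const char *error_log_target(void)
{
    return error_log_directive.value[0] ? error_log_directive.value : "(stderr)";
}

int main(void)
{
    admin_set_error_log("/var/log/httpd/php_error.log");
    printf("admin-set target:          %s\n", error_log_target());
    printf("ini_set /etc/passwd:       %s (target still %s)\n",
           ini_set_error_log("/etc/passwd") ? "accepted" : "rejected",
           error_log_target());
    printf("ini_set with traversal:    %s\n",
           ini_set_error_log("/var/www/../etc/passwd") ? "accepted" : "rejected");
    printf("ini_set inside base:       %s (target now %s)\n",
           ini_set_error_log("/var/www/logs/app.log") ? "accepted" : "rejected",
           error_log_target());
    printf("before fix, /etc/passwd:   %s\n",
           ini_set_error_log_before_fix("/etc/passwd") ? "accepted" : "rejected");
    return 0;
}
```

The point of keeping the stage in the handler's signature is that it is the only moment the origin of the value is known; once the path is stored, the admin's configured log file and a script's override look identical to the code that opens the file, which is exactly the state problem the reply above describes.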