[PHP-DEV] uhm.. *swallows*.. security thingy?

2001-12-11 Thread Mathieu Kooiman 

There's a problem with PHP cgi binaries:

CaPS_ (was a CVS, so..)
CaPS_ which reminds me
CaPS_ remember my ranting about php.ini derick?
CaPS_ (it opens ./php.ini, config_file_path/php.ini, checks PHPRC
environment)
CaPS_ in that order
CaPS_ I got some 'friends' who work at hosters
CaPS_ and they don't like that
CaPS_ cos, ./php.ini will enable users to override safe mode
CaPS_ made a lill patch for him so it wouldn't
CaPS_ but, isn't it an idea to add --restrictive-hosting or something
that'll ''activate'' that patch ?
CaPS_ (limit php.ini to be in config-file-path)
OpenSrc yes
OpenSrc no switch
OpenSrc just reverse it :)
CaPS_ que
CaPS_ ?
OpenSrc change the order
OpenSrc let the MAIN php.ini override values in PHPRC/php.ini
CaPS_ it doesn't sequentially parse them
CaPS_ but one
OpenSrc oh
OpenSrc then that need to be fixed :)
CaPS_ either ./php.ini, php.ini or PHPRC
OpenSrc write it to php-dev

It allows users to set their own options in a ./php.ini, as in
override user_dir, open_basedir and safe_mode.

My default php.ini has error_reporting set to E_ALL:

test.php:

?php
echo $test;
?

php.ini-ex:
error_reporting = E_ALL  ~E_NOTICE

caps@anaina:~/php-4.1.0$ ./php -q test.php
PHP Warning: undefined variable: test in /home/caps/php-4.1.0/test.php
on line 3

caps@anaina:~/php-4.1.0$ mv php.ini-ex php.ini
caps@anaina:~/php-4.1.0$ ./php -q test.php
caps@anaina:~/php-4.1.0$

This was reported and discussed (on IRC) first on Nov 15
(http://bugs.php.net/bug.php?id=14071), granted.. filed incorrectly.

I'd say this is quite serious when you're a hoster who only allows PHP
in CGI mode.

Wouter de Jong is the one who actually discovered this.

-- 
Mathieu 'CaPS_' Kooiman [EMAIL PROTECTED]
MAP Internet Services






-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] uhm.. *swallows*.. security thingy?

2001-12-11 Thread Mathieu Kooiman 

On Tue, 2001-12-11 at 14:04, Zeev Suraski wrote:
 At 12:36 11/12/2001, Mathieu Kooiman wrote:
 On Tue, 2001-12-11 at 11:29, Zeev Suraski wrote:
   Would the cwd of the PHP CGI be inside the user's dir?  Did you test it in
   a real CGI environment?
  
   Zeev
 
 Err, PHP CGI would be in /usr/local/bin/php..
 
 Yeah, but that's not what I asked - I asked about the cwd (current working 
 directory :)
 

There are situaties where you have like:

/opt/guide/somesite.com/cgi-bin
/opt/guide/somesite.com/htdocs
/opt/guide/somesite.com/logs

cgi-bin and htdocs (2 possible cwds) are under user control.

(if *that*'s what you meant)

 'Wouter' tells me he has tested it in a real CGI environment.
 
 This is exploitable iff the cwd of PHP when running as a CGI is a directory 
 under the user's control.
 
 Zeev



-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] zend_parse_parameters()

2001-12-04 Thread Mathieu Kooiman 

Hiya,

For my module I've been playing with zend_parse_parameters().
I ran into something weird though:

--
zval *rsrc_pdb;
char *data;
int s_len = 0, index = 0, mode = PDB_ADD_APPEND;

if ( zend_parse_parameters ( ZEND_NUM_ARGS() TSRMLS_CC, rsdd,
rsrc_pdb, data, s_len, index, mode) == FAILURE) {
return;
}
--

This works. As in, it doesn't return FAILURE. However, after
inspecting this with gdb, s_len seems to still be 0 after calling
zend_parse_parameters()..

Am I doing something wrong or is zend_parse_parameters() ??

Mathieu



-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] zend_parse_parameters()

2001-12-04 Thread Mathieu Kooiman 

On Tue, 2001-12-04 at 15:02, Markus Fischer wrote:
 You're trying to fit a double into an int .. doesn't seem
 right to me. int is 4 bytes, double 8 bytes (at least on i386
 here).
 
 - Markus

README.PARAMETERS_PARSING_API tells me 's' gets you the string
and it's length..

Quote:

Examples

/* Gets a long, a string and its length, and a zval */
long l;
char *s;
int s_len;
zval *param;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, lsz,
  l, s, s_len, param) == FAILURE) {
return;
}



So IMO, my code should work..

 
 On Tue, Dec 04, 2001 at 02:47:05PM +0100, Mathieu Kooiman wrote : 
  For my module I've been playing with zend_parse_parameters().
  I ran into something weird though:
  
  --
  zval *rsrc_pdb;
  char *data;
  int s_len = 0, index = 0, mode = PDB_ADD_APPEND;
  
  if ( zend_parse_parameters ( ZEND_NUM_ARGS() TSRMLS_CC, rsdd,
  rsrc_pdb, data, s_len, index, mode) == FAILURE) {
  return;
  }
  --
  
  This works. As in, it doesn't return FAILURE. However, after
  inspecting this with gdb, s_len seems to still be 0 after calling
  zend_parse_parameters()..
  
  Am I doing something wrong or is zend_parse_parameters() ??
  
  Mathieu
  
  
  
  -- 
  PHP Development Mailing List http://www.php.net/
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  To contact the list administrators, e-mail: [EMAIL PROTECTED]
 
 -- 
 Please always Cc to me when replying to me on the lists.
 
 -- 
 PHP Development Mailing List http://www.php.net/
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] zend_parse_parameters()

2001-12-04 Thread Mathieu Kooiman 

You're right, sorry :-)

Thanks Markus.. (and Derick too :D )

-- Mathieu

On Tue, 2001-12-04 at 15:07, Markus Fischer wrote:
 Yo !
 
 But you specified two doubles dd after the string and try to fit
 them into ints!
 
 - Markus
 
 On Tue, Dec 04, 2001 at 03:00:13PM +0100, Mathieu Kooiman wrote : 
  On Tue, 2001-12-04 at 15:02, Markus Fischer wrote:
   You're trying to fit a double into an int .. doesn't seem
   right to me. int is 4 bytes, double 8 bytes (at least on i386
   here).
   
   - Markus
  
  README.PARAMETERS_PARSING_API tells me 's' gets you the string
  and it's length..
  
  Quote:
  
  Examples
  
  /* Gets a long, a string and its length, and a zval */
  long l;
  char *s;
  int s_len;
  zval *param;
  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, lsz,
l, s, s_len, param) == FAILURE) {
  return;
  }
  
  
  
  So IMO, my code should work..
  
   
   On Tue, Dec 04, 2001 at 02:47:05PM +0100, Mathieu Kooiman wrote : 
For my module I've been playing with zend_parse_parameters().
I ran into something weird though:

--
zval *rsrc_pdb;
char *data;
int s_len = 0, index = 0, mode = PDB_ADD_APPEND;

if ( zend_parse_parameters ( ZEND_NUM_ARGS() TSRMLS_CC, rsdd,
rsrc_pdb, data, s_len, index, mode) == FAILURE) {
return;
}
--

This works. As in, it doesn't return FAILURE. However, after
inspecting this with gdb, s_len seems to still be 0 after calling
zend_parse_parameters()..

Am I doing something wrong or is zend_parse_parameters() ??

Mathieu



-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
   
   -- 
   Please always Cc to me when replying to me on the lists.
   
   -- 
   PHP Development Mailing List http://www.php.net/
   To unsubscribe, e-mail: [EMAIL PROTECTED]
   For additional commands, e-mail: [EMAIL PROTECTED]
   To contact the list administrators, e-mail: [EMAIL PROTECTED]
  
 
 -- 
 Please always Cc to me when replying to me on the lists.
 
 -- 
 PHP Development Mailing List http://www.php.net/
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] PHP Module for reading/writing Palmtop .PDB files..

2001-12-03 Thread Mathieu Kooiman 

Hiya,

I'm almost done writing a PHP module for my library, pdb-lib, which
enables you to read and write .PDB files on the PC.

This library is not YET available. I have some question pending
somewhere and after that I'll release it (GPL).

Is there any interest in adding this to the PHP dist ?

-- Mathieu




-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] PHP Module for reading/writing Palmtop .PDB files..

2001-12-03 Thread Mathieu Kooiman 

On Mon, 2001-12-03 at 10:03, Sterling Hughes wrote:
  Hiya,
  
  I'm almost done writing a PHP module for my library, pdb-lib, which
  enables you to read and write .PDB files on the PC.
  
  This library is not YET available. I have some question pending
  somewhere and after that I'll release it (GPL).
  
  Is there any interest in adding this to the PHP dist ?
 
 
 Well, I think its more appropriate for PECL (its cool - I just don't
 see a reason to add it to the main distribution).  

What's this PECL ?

PHP's Enormously Cool Library ?

 But aside from that
 we can't add code that links to GPL software in the PHP distribution
 simply cause the PHP license and GPL conflict (LGPL is fine btw).

Reality check, so if the Library is onder GPL, it can't be added?
Or if the MODULE is under GPL.. cos.. heck, I'll make LGPL..

 
 -Sterling
  
  -- Mathieu
  
  
  
  
  -- 
  PHP Development Mailing List http://www.php.net/
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  To contact the list administrators, e-mail: [EMAIL PROTECTED]
  



-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] python dictionary-like % (percent) substitution inphp (was: Good idea in % (percent) substitutions in string)

2001-08-28 Thread Mathieu Kooiman 




On Tue, 28 Aug 2001, it was written:

 I have seen that in php there isn't nothing similar to dictionary
 substitution in python.
 (a dictionary is an array with string keys, like hash in perl)
 
 This change consist in adding two functions (a stay for array):
 aprintf(string format, array dict) -- like printf, print the result
 saprintf(string format, array dict) -- like sprintf, return the result
qy 
 It works like this (written in php-like language):
 
 format - my name is %(name)s and i'm %(age)s
 dict - array( name=tom, age= eighteen );
 
 (in php, unlike python, is possible to make an array with both string and
 number indices, so the format can be also %(2)s,...)
 
 aprintf(format,dict) -- print my name is tom and i'm eighteen
 saprintf(format,dict) -- return my name is tom and i'm eighteen
 
 in python, these substitutions are very useful, especially in cgi
 programming, for making templates from text files, in php could be
 useful in, for example, language customisation, or message formatting,
 etc...
 
 An example:
 if ($lang == it)
   define(MESSAGE,il %(animal)s %(color)s sta %(action)s %(target)s);
 else
   define(MESSAGE,the %(color)s %(animal)s is %(action)s);
 
 aprintf(MESSAGE,array(animal=cobra,color=green,action=eating,target
 =mouse));
 // if the %(target)s isn't found, is ignored.
 
 
 (the s terminator could be substituted with other letters, like d for
 numbers, etc...)
 
 This approach has several advantages over something like this:
 the $color $animal is $action
 because in this phrase, variables are substituted when the parser execute
 it, and in this case:
 the %(color)s %(animal)s is %(action)s
 parameters are substituted only when the phrase is parsed with a specialized
 function like aprintf
 
 
 
 I think that this is a good idea and could save a lot of time when the
 program need to be as modular as possible.
 
 
 Federico Marani
 [EMAIL PROTECTED]
 
 
 
 
 
 -- 
 PHP Development Mailing List http://www.php.net/
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]
 


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] python dictionary-like % (percent) substitution inphp (was: Good idea in % (percent) substitutions in string)

2001-08-28 Thread Mathieu Kooiman 


Crap! Hit send for some reason.. 
When I just decided to *not* send anything :P

Sorry.

Met vriendelijke groet,

Mathieu Kooiman [EMAIL PROTECTED], [EMAIL PROTECTED]




-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] Ncurses Patch

2001-08-25 Thread Mathieu Kooiman 

I added some functions to the ncurses function to make it
a bit more usable..

Mathieu Kooiman




 ncurses_diff.gz

-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]