from:"David Saez"

[PHP-DEV] [PATCH] include file when using open_basedir

2003-02-23 Thread David Saez

Hi !!

Including or openeing a file fails when all paths defined in
include_path are not also defined in open_basedir, regardless
if the file to open/include is in both definitions.

Imagine include_path = .:/usr/local/lib/php:/usr/local/http-docs
open_basedir = .:/usr/local/http-docs

trying to include a file on /usr/local/http-docs will fail when
_php_stream_fopen_with_path will try to locate the file at
usr/local/lib/php . This could be undestand as a configuration
error, but in a virtual server farm enviroment it's easy to have
include_path defined globaly in php.ini and open_basedir defined
for each virtual server. BTW, it's not too good to fail in this
situation as the requested file meets all requirements. Also the
given error will report 'unable to open /usr/local/lib/php/filename'
due to open_basedir restrictions, where the real requested file
is /usr/local/http-docs/filename

--
Best regards ...

I was arrested for selling illegal sized paper.


   David Saez Padroshttp://www.ols.es
   On-Line Services 2000 S.L.   e-mail  [EMAIL PROTECTED]
   Pintor Vayreda 1 telf+34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
*** streams.c   Sun Feb 23 21:32:40 2003
--- streams.c   Sun Feb 23 21:34:40 2003
***
*** 1741,1746 
--- 1741,1752 
end++;
}
snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename);
+ 
+   /* If file does not exist continue */
+   if (VCWD_STAT(trypath, sb) == 0) {
+   ptr = end;
+   continue;
+   }

if (php_check_open_basedir(trypath TSRMLS_CC)) {
stream = NULL;
***
*** 1748,1764 
}

if (PG(safe_mode)) {
!   if (VCWD_STAT(trypath, sb) == 0) {
!   /* file exists ... check permission */
!   if ((php_check_safe_mode_include_dir(trypath 
TSRMLS_CC) == 0) ||
!   php_checkuid(trypath, mode, 
CHECKUID_CHECK_MODE_PARAM)) {
!   /* UID ok, or trypath is in 
safe_mode_include_dir */
!   stream = php_stream_fopen_rel(trypath, mode, 
opened_path, options);
!   } else {
!   stream = NULL;
!   }
!   goto stream_done;
}
}
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) {
--- 1754,1768 
}

if (PG(safe_mode)) {
!   /* file exists ... check permission */
!   if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) 
||
!   php_checkuid(trypath, mode, 
CHECKUID_CHECK_MODE_PARAM)) {
!   /* UID ok, or trypath is in safe_mode_include_dir */
!   stream = php_stream_fopen_rel(trypath, mode, 
opened_path, options);
!   } else {
!   stream = NULL;
}
+   goto stream_done;
}
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) {


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [PATCH] warning does not report correct open_basedir

2003-02-23 Thread David Saez

Hi !!

open_basedir warning in fopen_wrappers.c does not correctly report the
real open_basedir paths, it only reports the path it was actually
testing when the test failed. This patch will make it show the correct
information.

--
Best regards ...

I was arrested for selling illegal sized paper.


   David Saez Padroshttp://www.ols.es
   On-Line Services 2000 S.L.   e-mail  [EMAIL PROTECTED]
   Pintor Vayreda 1 telf+34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
*** fopen_wrappers.cSun Feb 23 21:13:08 2003
--- fopen_wrappers.cSun Feb 23 21:13:40 2003
***
*** 192,198 
ptr = end;
}
php_error_docref(NULL TSRMLS_CC, E_WARNING, 
!   open_basedir restriction in effect. File(%s) is not within 
the allowed path(s): (%s), path, pathbuf);
efree(pathbuf);
errno = EPERM; /* we deny permission to open it */
return -1;
--- 192,198 
ptr = end;
}
php_error_docref(NULL TSRMLS_CC, E_WARNING, 
!   open_basedir restriction in effect. File(%s) is not within 
the allowed path(s): (%s), path, PG(open_basedir));
efree(pathbuf);
errno = EPERM; /* we deny permission to open it */
return -1;


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [PATCH] include file when using open_basedir

2003-02-23 Thread David Saez

Hi !!

Correction to last submited patch !!

Including or openeing a file fails when all paths defined in
include_path are not also defined in open_basedir, regardless
if the file to open/include is in both definitions.

Imagine include_path = .:/usr/local/lib/php:/usr/local/http-docs
open_basedir = .:/usr/local/http-docs

trying to include a file on /usr/local/http-docs will fail when
_php_stream_fopen_with_path will try to locate the file at
usr/local/lib/php . This could be undestand as a configuration
error, but in a virtual server farm enviroment it's easy to have
include_path defined globaly in php.ini and open_basedir defined
for each virtual server. BTW, it's not too good to fail in this
situation as the requested file meets all requirements. Also the
given error will report 'unable to open /usr/local/lib/php/filename'
due to open_basedir restrictions, where the real requested file
is /usr/local/http-docs/filename

--
Best regards ...

I was arrested for selling illegal sized paper.


   David Saez Padroshttp://www.ols.es
   On-Line Services 2000 S.L.   e-mail  [EMAIL PROTECTED]
   Pintor Vayreda 1 telf+34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
*** streams.c   Sun Feb 23 21:32:40 2003
--- streams.c   Sun Feb 23 21:34:40 2003
***
*** 1741,1746 
--- 1741,1752 
end++;
}
snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename);
+ 
+   /* If file does not exist continue */
+   if (VCWD_STAT(trypath, sb) != 0) {
+   ptr = end;
+   continue;
+   }

if (php_check_open_basedir(trypath TSRMLS_CC)) {
stream = NULL;
***
*** 1748,1764 
}

if (PG(safe_mode)) {
!   if (VCWD_STAT(trypath, sb) == 0) {
!   /* file exists ... check permission */
!   if ((php_check_safe_mode_include_dir(trypath 
TSRMLS_CC) == 0) ||
!   php_checkuid(trypath, mode, 
CHECKUID_CHECK_MODE_PARAM)) {
!   /* UID ok, or trypath is in 
safe_mode_include_dir */
!   stream = php_stream_fopen_rel(trypath, mode, 
opened_path, options);
!   } else {
!   stream = NULL;
!   }
!   goto stream_done;
}
}
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) {
--- 1754,1768 
}

if (PG(safe_mode)) {
!   /* file exists ... check permission */
!   if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) 
||
!   php_checkuid(trypath, mode, 
CHECKUID_CHECK_MODE_PARAM)) {
!   /* UID ok, or trypath is in safe_mode_include_dir */
!   stream = php_stream_fopen_rel(trypath, mode, 
opened_path, options);
!   } else {
!   stream = NULL;
}
+   goto stream_done;
}
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) {

-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [PATCH] include file when using open_basedir

[PHP-DEV] [PATCH] warning does not report correct open_basedir

[PHP-DEV] [PATCH] include file when using open_basedir

3 matches

Site Navigation

Mail list logo

Footer information