ID: 11322
Updated by: jflemer
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Filesystem function related
Operating System: Linux
PHP Version: 4.0.4pl1
New Comment:

It looks like the 'copy' command has been patched to check source and destination in 
CVS.

Previous Comments:
------------------------------------------------------------------------

[2001-06-06 16:28:40] [EMAIL PROTECTED]

I'm a Chinese user, and I give thousands of students websites with PHP enabled on 
ONE machine. I found that:

There ARE some security holes in a multiuser environment for PHP concerning file system 
functions and directory functions:

1. File-system functions such as 'fopen' are restricted by 'safe mode' and 
'open_basedir', but 'copy' only checks the 'source' argument, not the 'destination', 
so one can copy his own scripts to someone else's directory and bypass the 
'open_basedir' restriction.

2. The 'dir' class is not restricted by 'safe mode' or 'open_basedir'!!!

3. 'chdir' is dangerous. One user can 'chdir' to another user's directory and access 
the files.



------------------------------------------------------------------------



Edit this bug report at http://bugs.php.net/?id=11322&edit=1
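
The source-and-destination check that item 1 of the report asks for, sketched in userland PHP as an added example (not PHP's own patch and not code from this report). The names `confined_copy`, `resolve_target`, `is_within` and the demo directories are hypothetical.

```php
<?php
// Added illustration: a copy wrapper that confines BOTH paths to one base
// directory. All function and directory names here are assumptions.

// Canonicalise $path even when its last component does not exist yet,
// which is the normal case for a copy destination.
function resolve_target(string $path)
{
    $real = realpath($path);
    if ($real !== false) {
        return $real;                 // exists: symlinks and ".." are resolved
    }
    if (is_link($path)) {
        return false;                 // dangling symlink: real target unknown
    }
    $parent = realpath(dirname($path));
    if ($parent === false) {
        return false;                 // parent directory does not exist
    }
    return rtrim($parent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . basename($path);
}

// Prefix test with a trailing separator, so /home/alice does not match /home/alice2.
function is_within(string $base, string $path): bool
{
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path . DIRECTORY_SEPARATOR, $base, strlen($base)) === 0;
}

function confined_copy(string $base, string $src, string $dst): bool
{
    $realBase = realpath($base);
    $realSrc  = realpath($src);       // the source must already exist
    $realDst  = resolve_target($dst);
    if ($realBase === false || $realSrc === false || $realDst === false) {
        return false;
    }
    if (!is_within($realBase, $realSrc) || !is_within($realBase, $realDst)) {
        return false;                 // either side outside the base: refuse
    }
    return copy($realSrc, $realDst);
}

// Constructed demo: two per-user directories under a temporary root.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('basedir_demo_');
mkdir("$root/alice", 0700, true);
mkdir("$root/bob", 0700, true);
file_put_contents("$root/alice/a.txt", "data");
var_dump(confined_copy("$root/alice", "$root/alice/a.txt", "$root/alice/b.txt"));        // both paths inside the base
var_dump(confined_copy("$root/alice", "$root/alice/a.txt", "$root/bob/a.txt"));          // destination in another user's directory
var_dump(confined_copy("$root/alice", "$root/alice/a.txt", "$root/alice/../bob/a.txt")); // same destination reached via ".."
```

The path check and the `copy()` call are separate steps, so a path that changes between them is not caught; per-user file permissions at the operating-system level remain the underlying boundary.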

