php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #35544 pear should ignore safemode/open_basedir
Submitted: 2005-12-04 12:49 UTC Modified: 2006-01-23 17:28 UTC
From: jdolecek at netbsd dot org Assigned: cellog (profile)
Status: Not a bug Package: Feature/Change Request
PHP Version: 5.1.1 OS: NetBSD
Private report: No CVE-ID: None
 [2005-12-04 12:49 UTC] jdolecek at netbsd dot org
Description:
------------
If user sets safemode or open_basedir restriction in their php.ini, they will no longer be able to use pear upgrade etc - the pear call will end with error.

NetBSD pkgsrc patches pear.sh to use -n to ignore
system php.ini, i.e to exec:

exec $PHP -C -q $INCARG -d output_buffering=1 \
 -n $INCDIR/pearcmd.php

This works as long as pear doesn't need any
non-builtin extensions or include path different
to the one compiled into the executable.

FWIW, we had no problem reports about this causing
any problem since the change was introduced (2004/12/12),
so this appears to work fine for all NetBSD pkgsrc
users.

Rather then using -n and ignoring system php.ini
completely, it would be great if CLI PHP either
ignored the open_basedir/safemode setting implicitely
or had a commandline flag to do so (which then would
be used in pear.sh/pear.bat).

Reproduce code:
---------------
Edit php.ini, set open_basedir to /nonexistent.

Then run any pear upgrade from commandline:
> pear upgrade HTML_Common

Expected result:
----------------
downloading HTML_Common-1.2.2.tar ...
Starting to download HTML_Common-1.2.2.tar (-1 bytes)
........done: 20,992 bytes
upgrade ok: channel://pear.php.net/HTML_Common-1.2.2


Actual result:
--------------
Warning: require_once(PEAR.php): failed to open stream: Operation not permitted in pearcmd.php on line 63
PHP Fatal error:  require_once(): Failed opening required 'PEAR.php' (include_path='/usr/pkg/lib/php') in /usr/pkg/lib/php/pearcmd.php on line 63


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-04 21:42 UTC] cellog@php.net
using -n is not an option.

Clearly none of your users has tried to install Image_Color, which depends on the gd extension.

However, we can add a disabling of safe_mode and open_basedir on the command-line which will fix this.
 [2006-01-23 17:28 UTC] cellog@php.net
This is actually a bug in PEAR, and not in the PHP distribution of PEAR, so I have opened PEAR bug #6559

http://pear.php.net/6559

All comments have been duplicated
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 15 01:01:36 2024 UTC