php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #9516 No trivial way to bypass safe mode when running as a shell
Submitted: 2001-03-01 19:26 UTC Modified: 2006-10-27 00:58 UTC
From: bram at xspace dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2001-03-01 19:26 UTC] bram at xspace dot com 
I keep PHP both as an apache module and as a standalone shell,

However, to be responsible, I need safe mode for the apache module and so it's in the .ini file.

But when I run the script from a standalone shell from suexec, PHP insists on
reading the .ini, going into safe mode, and then setuid's -1, from which there is
no recovery.

There is no way around this except to compile each version with a separate config-file-path, one path has a config without safe_mode and one does.

Scenario:
    script file has same owner uid as POSIX getuid()
    script is being executed through a shell (#!/usr/local/bin/php)

You cannot specify an alternate config file from the shell invocation when being executed from suexec -- it
will keep on reporting, "No input file specified" (which is an entirely separate issue.)

There should be an option for the shell not to enter safe-mode, and it could be specified as part
of the shell invocation line in the script, (ie #!/usr/local/bin/php --no-safe-mode)  I think if some restriction control could be placed in the .ini file to restrict who is allowed to perform that function, that would safe enough.

Bram

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-27 00:58 UTC] rasmus@php.net 
Safe mode is gone now so this doesn't apply anymore.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 08:01:28 2024 UTC