PHP :: Bug #22368 :: safe mode on allows users to include (read) system files

Bug #22368	safe mode on allows users to include (read) system files
Submitted:	2003-02-21 20:51 UTC	Modified:	2003-02-22 14:10 UTC
From:	phpspam at overclockersclub dot com	Assigned:
Status:	Not a bug	Package:	PHP options/info functions
PHP Version:	4.3.1	OS:	Red Hat 7.2 Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2003-02-21 20:51 UTC] phpspam at overclockersclub dot com

Safe Mode appears to be on, it says its on for local and master via phpinfo() script. I can virtual include /etc/passwd and it will shows the contents of the file. However, "some" function appear to be blocked by safe mode.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-02-22 14:10 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Safemode prevents PHP from opening files owned by a user different from the one PHP is running as. If you /etc/passwd is owned by root and your PHP runs as root safe_mode will not stop PHP from opening the file.

[2003-02-22 17:00 UTC] phpspam at youknow dot com

PHP is NOT ran by root in this case, and the /etc/passwd is owned by root.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 03:01:29 2024 UTC