PHP :: Bug #29840 :: [PATCH] is_executable() does not honor safe_mode_exec

Bug #29840

[PATCH] is_executable() does not honor safe_mode_exec_dir setting

Submitted:

2004-08-25 18:06 UTC

Modified:

2008-02-15 08:31 UTC

Votes:	3
Avg. Score:	4.3 ± 0.9
Reproduced:	3 of 3 (100.0%)
Same Version:	2 (66.7%)
Same OS:	3 (100.0%)

From:

markus at cultcom dot de

Assigned:

Status:

Closed

Package:

Safe Mode/open_basedir

PHP Version:

5CVS, 4CVS (2005-01-04)

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	markus at cultcom dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-08-25 18:06 UTC] markus at cultcom dot de

Description:
------------
Seems to be a common problem nobody complains about...
"is_executable()" does not work in safe_mode!

Some PHP-Projects check for sendmail using this function and don't work in safe_mode even if sendmail acutally IS executable (i.e. PEAR: Mail.php).

is_executable() should at least honor the safe_mode_exec_dir directive!

Reproduce code:
---------------
<?php
if( is_executable( "/usr/sbin/sendmail" ) ) {
   print ("no probs!\n");
}
else {
   print ("this really sucks!\n");
}
?>

Try with PHP/CGI and suexec + safe_mode
where example-UID != sendmail-UID


Expected result:
----------------
true, what else?

Actual result:
--------------
false.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-08-12 01:00 UTC] tony2001@php.net

Please try this patch:
http://tony2001.phpclub.net/dev/tmp/bugs_29840_31618.diff
(with the latest snapshot/CVS).

[2005-12-05 11:17 UTC] tomsommer@php.net

Any news on this?

Would appreciate this patch in PHP4 and PHP5

[2005-12-19 18:17 UTC] sniper@php.net

tony2001: 2 words for you: Just commit! :)

[2006-12-09 16:01 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC