php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50063 safe_mode_include_dir fails
Submitted: 2009-11-03 16:15 UTC Modified: 2009-11-12 17:23 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: christian at elmerot dot se Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 5.3, 6 OS: Debian Etch, Lenny
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: christian at elmerot dot se
New email:
PHP Version: OS:

 

 [2009-11-03 16:15 UTC] christian at elmerot dot se
Description:
------------
Using the following config options ignores the safe_mode_include_dir and does a uid-check even though the php-file is in the safe_mode_include_dir. This is likely still present in 5.3.1RC2

safe_mode = On

safe_mode_include_dir = /usr/share/php

include_path = ".:/usr/share/php"

The following code:

<?php
	require_once("PEAR/Exception.php");
	echo "OK";
?>

To me it appears that PHP 5.3.x now use a different code-path to open files as the following patch against the function php_plain_files_stream_opener 5.3.0 solves the issue for us as it appears there is no safe_mode_include_dir-check although there is a safe_mode uid-check:

--- main/streams/plain_wrapper.c	2009-11-03 15:52:59.414872711 +0100
+++ main/streams/plain_wrapper.c	2009-11-03 15:52:59.420045302 +0100
@@ -988,6 +988,10 @@
 		return NULL;
 	}
 
+	if ((php_check_safe_mode_include_dir(path TSRMLS_CC)) == 0) {
+		return php_stream_fopen_rel(path, mode, opened_path, options);
+	}
+
 	if ((options & ENFORCE_SAFE_MODE) && PG(safe_mode) && (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM)))
 		return NULL;
 


Reproduce code:
---------------
<?php
	require_once("PEAR/Exception.php");
	echo "OK";
?>

Expected result:
----------------
OK

Actual result:
--------------
Warning: require() [function.require]: SAFE MODE Restriction in effect. The script whose uid is 771909 is not allowed to access /usr/share/php/PEAR/Exception.php owned by uid 0 in /xxxxxxxxxxxxx/peartest.php on line 2

Warning: require(/usr/share/php/PEAR/Exception.php) [function.require]: failed to open stream: No such file or directory in /xxxxxxxxxxxxx/peartest.php on line 2

Fatal error: require() [function.require]: Failed opening required 'PEAR/Exception.php' (include_path='.:/usr/share/php') in /xxxxxxxxxxxxx/peartest.php on line 2

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-03 16:47 UTC] christian at elmerot dot se
"Actual output" should be:

Warning: require_once() [function.require-once]: SAFE MODE Restriction in effect. The script whose uid is 35873 is not allowed to access /usr/share/php/PEAR/Exception.php owned by uid 0 in /xxxx/peartest.php on line 2

Warning: require_once(/usr/share/php/PEAR/Exception.php) [function.require-once]: failed to open stream: No such file or directory in /xxxx/peartest.php on line 2

Fatal error: require_once() [function.require]: Failed opening required 'PEAR/Exception.php' (include_path='.:/usr/share/php') in /xxxx/peartest.php on line 2

And of course the file is there: ls -l /usr/share/php/PEAR/Exception.php
-rw-r--r-- 1 root root 12818 Apr 29  2009 /usr/share/php/PEAR/Exception.php
 [2009-11-04 12:30 UTC] jani@php.net
Just to clarify: This does not happen with PHP 5.2.11 ?
 [2009-11-04 13:09 UTC] christian at elmerot dot se
That is correct. I just built a fresh install of 5.2.11 and the issue does not manifest itself there, only in 5.3.0 and onward (5.3.1RC2 and 3 not tested)
 [2009-11-12 15:05 UTC] svn@php.net
Automatic comment from SVN on behalf of johannes
Revision: http://svn.php.net/viewvc/?view=revision&revision=290578
Log: Fix #50063 (safe_mode_include_dir fails)
 [2009-11-12 17:23 UTC] johannes@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 17:01:29 2024 UTC