php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11570 Security Hole on ChDir()
Submitted: 2001-06-20 00:22 UTC Modified: 2001-06-20 10:46 UTC
From: wangshui at nyist dot net Assigned:
Status: Closed Package: Directory function related
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: wangshui at nyist dot net
New email:
PHP Version: OS:

 

 [2001-06-20 00:22 UTC] wangshui at nyist dot net
ChDir() can be use to enter a directory which belongs to others. Hackers can use this hole to break the SafeMode and OpenBaseDir restriction and enter and view and even open files in someone else' directory.
In a multiuser environment where users must have some files with the same owner( such as 'nobody', to handle file-upload tasks), this hole is extremely dangerous.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-20 10:46 UTC] rasmus@php.net
Fixed in CVS
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Wed Jan 15 09:01:28 2025 UTC