PHP :: Bug #12121 :: chdir and safe

Bug #12121	chdir and safe_mode
Submitted:	2001-07-12 20:39 UTC	Modified:	2001-07-13 14:20 UTC
From:	sintes at nfrance dot com	Assigned:	jflemer (profile)
Status:	Closed	Package:	*Directory/Filesystem functions
PHP Version:	4.0.6	OS:	OpenBSD 2.7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	sintes at nfrance dot com
New email:
PHP Version:		OS:

New Comment:

[2001-07-12 20:39 UTC] sintes at nfrance dot com

php with safe_mode actived.

./configure --enable-safe-mode \
--with-apache=../apache-1.3.19

Default php.ini except safe_mode on.

Contexte:
--------
  following script is /home/fred/chdir.php
  /home/fred/chdir.php is 3654/3654 (fred/fred)
  /home/fred is 3654/3654 (fred/fred) mode 755
  /home is 0/0 (root/wheel) mode 755
  httpd runs as www. As php is an apache module,
  php scripts are running as www too.



Script (output follows)
------

<?

print "current directory" . getcwd() . "<br><br>";

$l = array (".", "/home/fred/", "/home/fred/.",
"/home/fred/./../", "/home/fred/./", "/home/");
foreach ($l as $wd) {                                               
        if (chdir ("$wd")) {
                print "chdir($wd) OK  <br>";
        }
        else {
                print "chdir($wd) error <br>";
        }
        print "current directory " . getcwd() . "<br><br>";
} 
 
?>

Ouput
-----

current directory/home/fred

chdir(.) OK 
current directory /home/fred


Warning: SAFE MODE Restriction in effect. The script whose uid is 3564 is not allowed to access /home/fred owned by uid 0 in /home/fred/chdir.php
on line 7
chdir(/home/fred/) error 
current directory /home/fred

chdir(/home/fred/.) OK 
current directory /home/fred

chdir(/home/fred/./../) OK 
current directory /home

chdir(/home/fred/./) OK 
current directory /home/fred


Warning: Unable to access /home in /home/fred/chdir.php on line 7
chdir(/home/) error 
current directory /home/fred

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-07-12 21:23 UTC] jflemer@php.net

[ in ext/standard/dir.c:274 ]
I think that php_checkuid() should be called with CHECKUID_ALLOW_ONLY_FILE (whcih does not exist yet) instead of CHECKUID_ALLOW_ONLY_DIR. Meaning -- if the passed "filename" does not meet UID/GID test, it should *not* try stripping the last element and trying agian.


I am working on bug #12119, which is (sort of) related.

[2001-07-13 14:20 UTC] jflemer@php.net

o Fixed Bug #12121: chdir and safe_mode
  - [ ext/standard/dir.c ] changed php_checkuid() to use
    CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR

  - [ main/safe_mode.h ] added new checkuid mode:
    CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
	fails

  - [ main/safe_mode.c ] added code for new checkuid mode

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 16:01:29 2024 UTC