PHP :: Bug #17161 :: rmdir() bypasses safe

Bug #17161	rmdir() bypasses safe_mode
Submitted:	2002-05-12 10:30 UTC	Modified:	2002-05-12 12:12 UTC
From:	ilia at prohost dot org	Assigned:
Status:	Not a bug	Package:	Scripting Engine problem
PHP Version:	4.2.0	OS:	Linux 2.4.18
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ilia at prohost dot org
New email:
PHP Version:		OS:

New Comment:

[2002-05-12 10:30 UTC] ilia at prohost dot org

rmdir() function can be used to delete directories that a user should be able to delete under safe_mode.

Ex.

mkdir test
chmod 777 test
(gid: user pid: user)

test.php (gid: www pid: www)
<?php rmdir('test'); ?> 

works!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-05-12 12:12 UTC] ilia at prohost dot org

not a bug since only works if the directory which is being removed is located inside a directory with the same uid as the removing script.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 02 16:01:37 2025 UTC