php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #17536 safe_mode_include_dir does not work properly with symbolic links.
Submitted: 2002-05-30 20:17 UTC Modified: 2005-01-31 22:59 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (33.3%)
From: mburger at netbeyond dot de Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 4.2.1 OS: Linux (SuSE)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mburger at netbeyond dot de
New email:
PHP Version: OS:

 

 [2002-05-30 20:17 UTC] mburger at netbeyond dot de 
Hello,

I think safe_mode_include_dir does not work properly with symbolic
links. Here my configuration:


<VirtualHost 134.96.x.y>
    DocumentRoot /kunden/hosting/server/doma.in/sub/htdocs
    ServerName sub.doma.in

    <IfModule mod_php4.c>
        php_admin_value safe_mode 1
        php_admin_value safe_mode_exec_dir /usr/bin
        php_admin_value safe_mode_include_dir /kunden/hosting/server/doma.in/sub

        php_admin_value open_basedir /kunden/hosting/server/doma.in/sub

        php_admin_value upload_tmp_dir /kunden/hosting/server/doma.in/sub/tmp

        php_admin_value include_path .:/kunden/hosting/server/doma.in/sub/lib_php

        php_admin_value error_reporting 2023
    </IfModule>


</VirtualHost>


I copied

    /usr/local/lib/php/.

to

    /kunden/hosting/server/doma.in/sub/lib_php/

(PEAR).

Everthing in .../sub/lib_php/. is owned by root.root, the remaining
files and dirs in .../sub/ by vs1.www

If I try to include 'System.php' I get this error:

    Warning: SAFE MODE Restriction in effect. The script whose uid is
    504 is not allowed to access
    /kunden/hosting/server/doma.in/sub/lib_php/System.php owned by uid
    0 in /var/www/doma.in/sub/htdocs/index.php on line 9

You should know there is a symbolic link:

    /kunden/hosting/server -> /var/www


If I change the line with safe_mode_include_dir as following
    
    php_admin_value safe_mode_include_dir /var/www/doma.in/sub

the include statements works as expected.

Regards,
   Martin

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-10-24 15:50 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip
 [2002-11-09 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 13:01:31 2024 UTC