PHP :: Bug #18823 :: open_basedir not working for include() or readfile()

Bug #18823

open_basedir not working for include() or readfile()

Submitted:

2002-08-09 00:01 UTC

Modified:

2005-01-31 22:40 UTC

Votes:	2
Avg. Score:	3.5 ± 0.5
Reproduced:	1 of 2 (50.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

matt at haught dot com

Assigned:

Status:

Closed

Package:

Safe Mode/open_basedir

PHP Version:

4.2.2

OS:

FreeBSD-4.4-RELEASE

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	matt at haught dot com
New email:
PHP Version:		OS:

New Comment:

[2002-08-09 00:01 UTC] matt at haught dot com

I am using an Aug 6th cvs build of php4 on apache-1.3.26.  I have chrooted apache and I also wanted to use open_basedir to help improve security between users.  My open_basedir is set to "/www/admin/:/www/global.include/", and to test open_basedir i created /www/admin/basedir.php which contains:
<?php
echo 'Include test<br>'
include("/etc/resolv.conf");
echo '<br><br>Readfile test <br>';
echo readfile("/etc/resolv.conf");
?>
The result is the printing of my nameservers from outside the open_basedir.  I do however get a open_basedir warning for trying to open outside files using fopen/fread and also readdir, but not with include(), include_once(), or readfile().

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-08-26 22:26 UTC] matt at haught dot com

This was fixed in cvs; main/streams.c 1.73 by wez.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jan 05 02:01:28 2025 UTC