PHP :: Bug #22270 :: cgi binary parses itself when called directly

Bug #22270	cgi binary parses itself when called directly
Submitted:	2003-02-18 07:29 UTC	Modified:	2003-08-06 18:39 UTC
From:	zlo at canada dot com	Assigned:	shane (profile)
Status:	No Feedback	Package:	CGI/CLI related
PHP Version:	4CVS-2003-02-18 (stable)	OS:	RedHat 7.2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	zlo at canada dot com
New email:
PHP Version:		OS:

New Comment:

[2003-02-18 07:29 UTC] zlo at canada dot com

when PHP cgi binary is called from cgi-bin without cgi-redirect, it parses itself (argv[0] of the binary, whatever that happens to be)! i don't think it represents much of a security problem (it still does to some extent, because it reveals path to php and default settings), and no sane person will run the cgi binary without cgi-redirect, but i don't think its the way its supposed to be either..

here is a simple example; this also works with the php binary itself in place of this binary. 
this results in some binary output and the typical phpinfo() page in the middle:
# cat php.c

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

const char *PHP_BINARY="/path/to/php/bin/php";
const char * dummy="<?php phpinfo(); ?>";

int main(int argc, char *argv[]){
  execl(PHP_BINARY,argv[0],0);
  return 1;
};

p.s. btw this simple wrapper (without the phpinfo() part, or course) can be used as a workaround for the vulnerability with cgi-redirect that resulted in the release of 4.3.1 since it removes parameters before exec'ing php itself..

p.p.s. where can i post "feedback"? i can't seem to find it..

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-02-19 01:09 UTC] shane@php.net

This has happened for some time, it's a big part of what prompted my starting on rewriting cgi stuff.  It shouldn't happen with 4.3 if cgi.fix_pathinfo=1, or if you don't compile with discard-path.

[2003-02-19 10:06 UTC] zlo at canada dot com

here is my configure:
./configure' '--with-config-file-path=/path/to/php' '--prefix=/path/to/php-test' '--enable-force-cgi-redirect' '--disable-cli' '--enable-bcmath' '--enable-trans-sid' '--with-zlib-dir=/build/zlib-1.1.4' '--with-mysql=/usr/local' 

i also put cgi.fix_pathinfo in php.ini, doesn't help.

[2003-05-26 18:26 UTC] sniper@php.net

Does this happen with latest stable snapshot from snaps.php.net ?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 04:00:01 2025 UTC