PHP :: Bug #22368 :: safe mode on allows users to include (read) system files

Bug #22368	safe mode on allows users to include (read) system files
Submitted:	2003-02-21 20:51 UTC	Modified:	2003-02-22 14:10 UTC
From:	phpspam at overclockersclub dot com	Assigned:
Status:	Not a bug	Package:	PHP options/info functions
PHP Version:	4.3.1	OS:	Red Hat 7.2 Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	phpspam at overclockersclub dot com
New email:
PHP Version:		OS:

New Comment:

[2003-02-21 20:51 UTC] phpspam at overclockersclub dot com

Safe Mode appears to be on, it says its on for local and master via phpinfo() script. I can virtual include /etc/passwd and it will shows the contents of the file. However, "some" function appear to be blocked by safe mode.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-02-22 14:10 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Safemode prevents PHP from opening files owned by a user different from the one PHP is running as. If you /etc/passwd is owned by root and your PHP runs as root safe_mode will not stop PHP from opening the file.

[2003-02-22 17:00 UTC] phpspam at youknow dot com

PHP is NOT ran by root in this case, and the /etc/passwd is owned by root.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 16:01:31 2024 UTC