PHP :: Request #25572 :: safe_mode ignores uid of files written

Request #25572	safe_mode ignores uid of files written
Submitted:	2003-09-17 09:28 UTC	Modified:	2014-04-17 14:21 UTC
From:	Andreas dot Ley at rz dot uni-karlsruhe dot de	Assigned:
Status:	Wont fix	Package:	Safe Mode/open_basedir
PHP Version:	4.3.3	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	Andreas dot Ley at rz dot uni-karlsruhe dot de
New email:
PHP Version:		OS:

New Comment:

[2003-09-17 09:28 UTC] Andreas dot Ley at rz dot uni-karlsruhe dot de

Description:
------------
When using PHP as an apache module and safe_mode is on, PHP checks wether the owner of the script and the owner of the directory where a file should be written match. However, this owner and the uid of the apache process which runs the PHP script may be different (multi-user system with one apache but may user homepages). Thus a user may be able to create files which are owned by the apache user - this is a problem when quotas are enabled to restrict user diskspace usage.

A solution to this issue would be to also check the uid of the apache process against the owner of the directory. A possible implementation is this patch:
http://andy.rz.uni-karlsruhe.de/~andy/source/Patches/php-4.3.3/safe_mode_write-patch
This changes PHPs behaviour in a way which may or may not be desirable at different sites, so this should be configurable either in configure or in php.ini.

This differs from bug #18407, since I don't want to read apache owned files but need to prevent them created (which circumvents quotas). As gtg782a suggested in the notes at http://www.php.net/manual/en/features.safe-mode.php, another solution would be to (safe and secure) change the owner of the files written; this seems much more complicated to me.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-04-17 14:21 UTC] levim@php.net

-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: *General Issues

[2014-04-17 14:21 UTC] levim@php.net

This won't be fixed. Safe mode was deprecated in PHP 5.3 and removed in PHP 5.4/

[2014-04-17 14:21 UTC] levim@php.net

-Package: *General Issues +Package: Safe Mode/open_basedir

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 01:01:30 2024 UTC