php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27133 tempnam broken in SAFE MODE
Submitted: 2004-02-03 10:01 UTC Modified: 2004-02-03 11:27 UTC
From: kulpp at wsg dot net Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 4.3.4 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: kulpp at wsg dot net
New email:
PHP Version: OS:

 

 [2004-02-03 10:01 UTC] kulpp at wsg dot net 
Description:
------------
Back in 4.0.3, tempnam() was changed to actually create the temp file to avoid a race condition. It would seem that the current implemntation is inconsistent with SAFE MODE restrictions which then prevent access to the filename returned by tempnam().



Reproduce code:
---------------
<%
$filename = tempnam('', 'test_');
fopen($filename, 'r');
%>

Expected result:
----------------
no errors or warnings

Actual result:
--------------
Warning: fopen(): SAFE MODE Restriction in effect. The script whose uid is 579 is not allowed to access /tmp/test_zSTbRQ owned by uid 18 in /usr/local/www/docs/test/tempnam_broken.php on line 5

Warning: fopen(/tmp/test_zSTbRQ): failed to open stream: Permission denied in /usr/local/www/docs/test/tempnam_broken.php on line 5

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-03 10:12 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When creating a temporary filename, you should use the 1st 
parameter to the function to specify a directory which you 
will be able to access.
 [2004-02-03 10:13 UTC] sniper@php.net 
see: http://www.php.net/tempnam

And notice the first parameter you can give it..
This is intentional.
 [2004-02-03 10:59 UTC] kulpp at wsg dot net 
I understand the documentation on the first parameter. I am intentionally relying on the rest of documentation that states that it will use the system default temp space in this case.
PS: it exhibits the exact same behaviour with tempnam('\tmp', 'test_')

The temp file IS being created, but it's not owned with the correct UID. Doesn't this behaviour make the tempnam function useless under SAFE MODE?
 [2004-02-03 11:12 UTC] kulpp at wsg dot net 
$filename = tempnam('\tmp', 'test_');
fopen($filename, 'r');

still produces
Warning: fopen(): SAFE MODE Restriction in effect. The script whose uid is 579 is not allowed to access /tmp/test_YNsKKT owned by uid 18 in ...
 [2004-02-03 11:27 UTC] sniper@php.net 
Yes, don't use safe-mode or don't use tempnam.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Apr 04 16:01:29 2025 UTC