php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #3454 Allows access to any directory on server
Submitted: 2000-02-11 07:38 UTC Modified: 2005-03-31 16:13 UTC
From: norikd at usa dot net Assigned:
Status: Wont fix Package: Other
PHP Version: 3.0.12 OS: RedHat 5.1
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: norikd at usa dot net
New email:
PHP Version: OS:

 

 [2000-02-11 07:38 UTC] norikd at usa dot net
php3.ini as follows

safe_mode=1
safe_mode_exec_string=/www/sites/mysite/cgi-bin
doc_root=/www/sites/mysite
open_basedir=/www/sites/mysite
extension=pgsql.so  

test.php3
<?php

copy("/etc/passwd","passwd");  /* this works */
$fd=fopen("passwd","r");           /* so does this */
fclose($fd);                             /* and this */

$fd=fopen("/etc/passwd","r");  /* this does is not successful */
fclose($fd);                           /* as it should not be */

?>    

So the system will allow me to copy the passwd file to a local allowd directory and then open it which bypasses the fact that I have restricted the system with open_basedir directive.

thanks

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-03-31 16:13 UTC] php-bugs at lists dot php dot net
We are sorry, but we do not support PHP 3 related problems anymore.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Tue Mar 11 06:01:29 2025 UTC