php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #35544 pear should ignore safemode/open_basedir
Submitted: 2005-12-04 12:49 UTC Modified: 2006-01-23 17:28 UTC
From: jdolecek at netbsd dot org Assigned: cellog (profile)
Status: Not a bug Package: Feature/Change Request
PHP Version: 5.1.1 OS: NetBSD
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jdolecek at netbsd dot org
New email:
PHP Version: OS:

 

 [2005-12-04 12:49 UTC] jdolecek at netbsd dot org 
Description:
------------
If user sets safemode or open_basedir restriction in their php.ini, they will no longer be able to use pear upgrade etc - the pear call will end with error.

NetBSD pkgsrc patches pear.sh to use -n to ignore
system php.ini, i.e to exec:

exec $PHP -C -q $INCARG -d output_buffering=1 \
 -n $INCDIR/pearcmd.php

This works as long as pear doesn't need any
non-builtin extensions or include path different
to the one compiled into the executable.

FWIW, we had no problem reports about this causing
any problem since the change was introduced (2004/12/12),
so this appears to work fine for all NetBSD pkgsrc
users.

Rather then using -n and ignoring system php.ini
completely, it would be great if CLI PHP either
ignored the open_basedir/safemode setting implicitely
or had a commandline flag to do so (which then would
be used in pear.sh/pear.bat).

Reproduce code:
---------------
Edit php.ini, set open_basedir to /nonexistent.

Then run any pear upgrade from commandline:
> pear upgrade HTML_Common

Expected result:
----------------
downloading HTML_Common-1.2.2.tar ...
Starting to download HTML_Common-1.2.2.tar (-1 bytes)
........done: 20,992 bytes
upgrade ok: channel://pear.php.net/HTML_Common-1.2.2


Actual result:
--------------
Warning: require_once(PEAR.php): failed to open stream: Operation not permitted in pearcmd.php on line 63
PHP Fatal error:  require_once(): Failed opening required 'PEAR.php' (include_path='/usr/pkg/lib/php') in /usr/pkg/lib/php/pearcmd.php on line 63

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-04 21:42 UTC] cellog@php.net 
using -n is not an option.

Clearly none of your users has tried to install Image_Color, which depends on the gd extension.

However, we can add a disabling of safe_mode and open_basedir on the command-line which will fix this.
 [2006-01-23 17:28 UTC] cellog@php.net 
This is actually a bug in PEAR, and not in the PHP distribution of PEAR, so I have opened PEAR bug #6559

http://pear.php.net/6559

All comments have been duplicated
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 15:01:30 2024 UTC