php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #36532 session.save_path and safe_mode
Submitted: 2006-02-26 03:11 UTC Modified: 2006-03-07 01:00 UTC
Votes:4
Avg. Score:4.0 ± 1.2
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:2 (50.0%)
From: amicka at gmail dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.4.2 OS: FreeBSD 4.11
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: amicka at gmail dot com
New email:
PHP Version: OS:

 

 [2006-02-26 03:11 UTC] amicka at gmail dot com 
Description:
------------
We are using mod_php and providing per-site configuration directives in httpd.conf

I am testing with a phpinfo() file, owned by uid/gid 1000/1000

When safe_mode is enabled, we receive the following error:

PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid/gid is 0/0 is not allowed to access /www/example.com/tmp owned by uid/gid 1000/1000 in Unknown on line 0

PHP Warning:  Unknown(): open(/tmp/sess_659835e0c801f8cfcf46c1740c026d08, O_RDWR) failed: Permission denied (13) in Unknown on line 0

PHP Warning:  Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0


*  Because my info.php file is owned by uid=1000, the "script whose uid/gid is 0/0" error SHOULD NOT APPEAR.  It is erroneously using 0/0 for its checks

*  Because /www/example.com/tmp is in my safe_mode_include_dir path, the above error shouldn't apply anyway

*  Because my session.save_path is /www/example.com/tmp , it SHOUD NOT be attempting to write to /tmp

My current workaround is to chown /www/example.com/tmp to 0:0, which is preferable in my environment.  But this still indicates a bug.

php.ini is similar to the ini-recommended file, plus safe_mode = On

Per-site overrides:

<VirtualHost *:80>
  ServerName www.example.com
  DocumentRoot /www/example.com/www
  SetEnv PHP_DOCUMENT_ROOT /www/example.com/www
  SetEnv PHPRC /www/example.com/conf
  php_admin_value doc_root /www/example.com/www
</VirtualHost>

<Directory /www/virtual/example.com/>
  php_admin_value session.save_path "/www/example.com/tmp/"
  php_admin_value upload_tmp_dir "/www/example.com/tmp/"
  php_admin_value safe_mode_include_dir "/www/lib/:/www/sharedlib/:/www/example.com/tmp/:/dev/null:/usr/local/lib/php/"
  php_admin_value open_basedir /www/lib/:/www/example.com/
</Directory>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-27 08:54 UTC] tony2001@php.net 
What Server API are you using?
 [2006-02-27 09:43 UTC] amicka at gmail dot com 
Apache 2.0  (2.0.55)
 [2006-02-27 09:54 UTC] tony2001@php.net 
Can you try it with Apache 1.3.x ?
And I'd appreciate if you try to reproduce it with PHP 5.1 either.
 [2006-03-07 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-06-01 09:19 UTC] lars at erhardsen dot dk 
I'm experiencing the same with 4.4.2 on linux 2.4.27 - and these random errors started when I upgraded from 4.3.11 (not entirely sure about the version)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Dec 27 06:01:29 2024 UTC