php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #46070 realpath() fails with safe-mode enabled on 64 bit systems
Submitted: 2008-09-13 12:09 UTC Modified: 2009-04-14 01:00 UTC
From: dougcsd at yahoo dot com Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 5CVS-2008-11-11 OS: BlueWhite64 (linux)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dougcsd at yahoo dot com
New email:
PHP Version: OS:

 

 [2008-09-13 12:09 UTC] dougcsd at yahoo dot com 
Description:
------------
This code segment runs in a file included from an upper level script.  The same script appears to work correctly when PHP is compiled with the same options on a 32 bit OS.

Apache 2.2 compiled from source

All php compiled from source

Linux kernel 2.6.26.2 compiled from source.  

libc:
-rwxr-xr-x 1 root root 1658189 2008-04-22 03:51 libc-2.7.so*
lrwxrwxrwx 1 root root      11 2008-06-17 18:22 libc.so.6 -> libc-2.7.so*

root@server1:/lib# gcc --version
gcc (GCC) 4.2.3
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

./configure  --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/my
sql --with-zlib --with-gd --with-jpeg-dir=/usr --with-png-dir=/usr --prefix=/usr
/local/php5 --enable-mbstring

Code:

$osd_root_path2 = realpath(dirname(__FILE__) . '/../../../') . '/';
$dump=fopen("/var/www/html/chat/dumptest","w");
  fprintf($dump,"%s\n%s\n",dirname(__FILE__),$osd_root_path2);
fclose($dump);

The file output was the same on 5.2.6 through 5.3.Alpha3

Output when safe mode is on:
/var/www/html/chat/inc/cmses
/

Output when safe mode is off:
/var/www/html/chat/inc/cmses
/var/www/html/


Reproduce code:
---------------
$osd_root_path2 = realpath(dirname(__FILE__) . '/../../../') . '/';
$dump=fopen("/var/www/html/chat/dumptest","w");
  fprintf($dump,"%s\n%s\n",dirname(__FILE__),$osd_root_path2);
fclose($dump);



Expected result:
----------------
Output when safe mode is off:
/var/www/html/chat/inc/cmses
/var/www/html/


Actual result:
--------------
Output when safe mode is on:
/var/www/html/chat/inc/cmses
/

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-13 12:30 UTC] dougcsd at yahoo dot com 
Minor code change produced a correct result.  Appears the issue is related to more than three levels up.  Just so happends that this is also the safe mode chroot directory:

/var/www/html/

<Directory "/var/www/html">
    AddType application/x-httpd-php .php
    php_admin_flag safe_mode on
#    php_flag assert.warning off
#    php_admin_flag assert.warning off
    php_admin_value safe_mode_exec_dir /var/www/html/
    php_admin_value open_basedir /var/www/html/


$osd_root_path2 = realpath(dirname(__FILE__) . '/../../') . '/';
$dump=fopen("/var/www/html/chat/dumptest","w");
  fprintf($dump,"%s\n%s\n",dirname(__FILE__),$osd_root_path2);
fclose($dump);

/var/www/html/chat/inc/cmses
/var/www/html/chat/
 [2009-04-06 21:13 UTC] jani@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2009-04-14 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jan 02 12:01:29 2025 UTC