PHP :: Bug #11570 :: Security Hole on ChDir()

Bug #11570	Security Hole on ChDir()
Submitted:	2001-06-20 00:22 UTC	Modified:	2001-06-20 10:46 UTC
From:	wangshui at nyist dot net	Assigned:
Status:	Closed	Package:	Directory function related
PHP Version:	4.0.4pl1	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	wangshui at nyist dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2001-06-20 00:22 UTC] wangshui at nyist dot net

ChDir() can be use to enter a directory which belongs to others. Hackers can use this hole to break the SafeMode and OpenBaseDir restriction and enter and view and even open files in someone else' directory.
In a multiuser environment where users must have some files with the same owner( such as 'nobody', to handle file-upload tasks), this hole is extremely dangerous.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-06-20 10:46 UTC] rasmus@php.net

Fixed in CVS

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 06:01:29 2024 UTC