php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #12121 chdir and safe_mode
Submitted: 2001-07-12 20:39 UTC Modified: 2001-07-13 14:20 UTC
From: sintes at nfrance dot com Assigned: jflemer (profile)
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 4.0.6 OS: OpenBSD 2.7
Private report: No CVE-ID: None
 [2001-07-12 20:39 UTC] sintes at nfrance dot com
php with safe_mode actived.

./configure --enable-safe-mode \
--with-apache=../apache-1.3.19

Default php.ini except safe_mode on.

Contexte:
--------
  following script is /home/fred/chdir.php
  /home/fred/chdir.php is 3654/3654 (fred/fred)
  /home/fred is 3654/3654 (fred/fred) mode 755
  /home is 0/0 (root/wheel) mode 755
  httpd runs as www. As php is an apache module,
  php scripts are running as www too.



Script (output follows)
------

<?

print "current directory" . getcwd() . "<br><br>";

$l = array (".", "/home/fred/", "/home/fred/.",
"/home/fred/./../", "/home/fred/./", "/home/");
foreach ($l as $wd) {                                               
        if (chdir ("$wd")) {
                print "chdir($wd) OK  <br>";
        }
        else {
                print "chdir($wd) error <br>";
        }
        print "current directory " . getcwd() . "<br><br>";
} 
 
?>

Ouput
-----

current directory/home/fred

chdir(.) OK 
current directory /home/fred


Warning: SAFE MODE Restriction in effect. The script whose uid is 3564 is not allowed to access /home/fred owned by uid 0 in /home/fred/chdir.php
on line 7
chdir(/home/fred/) error 
current directory /home/fred

chdir(/home/fred/.) OK 
current directory /home/fred

chdir(/home/fred/./../) OK 
current directory /home

chdir(/home/fred/./) OK 
current directory /home/fred


Warning: Unable to access /home in /home/fred/chdir.php on line 7
chdir(/home/) error 
current directory /home/fred

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-07-12 21:23 UTC] jflemer@php.net
[ in ext/standard/dir.c:274 ]
I think that php_checkuid() should be called with CHECKUID_ALLOW_ONLY_FILE (whcih does not exist yet) instead of CHECKUID_ALLOW_ONLY_DIR. Meaning -- if the passed "filename" does not meet UID/GID test, it should *not* try stripping the last element and trying agian.


I am working on bug #12119, which is (sort of) related.
 [2001-07-13 14:20 UTC] jflemer@php.net
o Fixed Bug #12121: chdir and safe_mode
  - [ ext/standard/dir.c ] changed php_checkuid() to use
    CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR

  - [ main/safe_mode.h ] added new checkuid mode:
    CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
	fails

  - [ main/safe_mode.c ] added code for new checkuid mode


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 00:01:30 2024 UTC