|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #12255 (In safe mode) The UID check in chdir don't test the good directory
Submitted: 2001-07-19 10:55 UTC Modified: 2001-07-26 21:38 UTC
From: benoit at proxad dot net Assigned:
Status: Closed Package: Directory function related
PHP Version: 4.0.6 OS: Debian GNU/Linux sid
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: benoit at proxad dot net
New email:
PHP Version: OS:


 [2001-07-19 10:55 UTC] benoit at proxad dot net
In safe mode, when you chdir a specific directory, it does not test the UID of directory but the UID of the directory below.

Let's say we do a chdir ("/home/benoit");
In safe mode, it will test the UID of /home against the one of the script so it fails.

If we do a chdir ("/home/benoit/."); , PHP test the UID of /home/benoit/ against the UID of the script and succeed.

But, logically, the two commands should succeed the same way.

I think it's related to the code in "ext/standard/dir.c" around line 286 :
> if (PG(safe_mode) && !php_checkuid((*arg)->value.str.val, NULL, CHECKUID_ALLOW_ONLY_DIR)) {
and the way php_checkuid handle CHECKUID_ALLOW_ONLY_DIR.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-07-19 16:20 UTC]
I fixed this in CVS. This is a duplicate bug report.
 [2001-07-26 21:38 UTC]
fixed -> closed.

PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 18 07:03:35 2021 UTC