PHP :: Bug #13818 :: safe mode wrong uid -1

Bug #13818	safe mode wrong uid -1
Submitted:	2001-10-24 13:41 UTC	Modified:	2002-10-06 19:31 UTC
From:	ballen at umuc dot edu	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	4.0.6	OS:	solaris
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-10-24 13:41 UTC] ballen at umuc dot edu

I could not find any reference on the newsgroups to the following error we are getting when safe mode is on:

Warning: SAFE MODE Restriction in effect. The script whose uid is -1 is not allowed to access ../orders.txt owned by uid 66400 in /class/em680a/www/cgi-bin/vieworders.php on line 10
        
The "-1" can't be a uid, but I can't figure out what the error is.  There was a bug post on 12/8/2000 by someone who was getting the same error but the uid was "1" not "-1" and the suggestion was to upgrade php and reopen the issue if it was not fixed.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-04-05 05:44 UTC] sander@php.net

I might be mistaken, but doesn't Apache try to run as -1 by default? On some systems that refers to nobody. Might that be that case?

[2002-04-28 10:55 UTC] jflemer@php.net

The version of PHP that this bug was reported in is too old. Please
try to reproduce this bug in the latest version of PHP (available
from http://www.php.net/downloads.php

If you are still able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".

I believe this has been fixed on solaris since 4.0.6.

[2002-06-26 04:19 UTC] bart at sunsite dot dk

I get this error with php4-200206240900 / apache-2.0.39 on Solaris 8.

And yes, apache defaults to run as -1, but this has been succesfully configured to another uid here.

[2002-10-06 19:19 UTC] soletan at toxa dot de

Same problem with PHP-CVS-snapshot STABLE-200210061500 and Apache 2.0.43 ... well but it looks like trouble with Apache's "server_context" things.

I browsed through PHP sources a bit and found that it uses values provided by apache and apache is taking it from system using fstat. But I couldn't find out why no one gets real uid of script file or even where to configure this "feature" ...

[2002-10-06 19:31 UTC] iliaa@php.net

The fix for the bug is ONLY found in the 'latest' aka snapshot branch.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu May 02 23:01:30 2024 UTC