|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2002-03-17 12:35 UTC] sander@php.net
[2002-03-19 03:04 UTC] webmaster at unizh dot ch
[2002-03-19 03:07 UTC] derick@php.net
[2002-03-19 03:16 UTC] webmaster at unizh dot ch
[2002-03-19 03:18 UTC] derick@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2021 The PHP GroupAll rights reserved. |
Last updated: Sun Jun 13 03:01:24 2021 UTC |
Security issue in move_uploaded_file() while in safe-mode We have different web-sites running on our server. Each of them may prepare a directory in which files may be written using php-upload and move_uploaded_file(). Our webserver runs with safe-mode-restriction. The documentations says, as mentioned, that this is not unsafe. Note: move_uploaded_file() is not affected by the normal safe-mode UID-restrictions. This is not unsafe because move_uploaded_file() only operates on files uploaded via PHP. In fact, it is. If I know a directory of another website which allows to upload files via php, I'll be able to write a file to this location, offering an upload-script on my website. I could on this way put offending files in someone elses website, who probably protectet his php-upload-script with .htaccess. I would suggest that move_uploaded_file() should be modified that way, that files may only be moved to directories whose owner is the same as the upload-script while safe-mode restriction applies. This approach would guarantee that nobody else as the people who offers an upload-script will be able to put files in the owners webspace. After such a modification move_uploaded_file() will be really safe. At present, it's not. It allows to skip safe-mode-restriction. Kind regards and thanks for any feedback Roberto