php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16042 mkdir no longer works correcrly (wrong UID)
Submitted: 2002-03-13 09:26 UTC Modified: 2002-03-13 10:23 UTC
From: happycloud at undream dot com Assigned: jflemer (profile)
Status: Not a bug Package: *Directory/Filesystem functions
PHP Version: 4.1.2 OS: Linux
Private report: No CVE-ID: None
 [2002-03-13 09:26 UTC] happycloud at undream dot com
ENV:
Linux 2.2.19/apache 1.3.23/ Safe mode on, latest security 
update

The following simple scripts no longer work:
<?

mkdir('/var/www/web/test/testfolder' , 0777);
mkdir('/var/www/web/test/testfolder/another', 0777);
?>
It generates: SAFE MODE Restriction in effect. ?The script 
whose uid is 48561 is not allowed to
?access /var/www/web/test/testfolder owned by uid 98 in ..

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-13 09:49 UTC] sander@php.net
The bug system is not the appropriate forum for asking support
questions. For a list of a range of more appropriate places to ask
for help using PHP, please visit http://www.php.net/support.php
 [2002-03-13 09:57 UTC] happycloud at undream dot com
This is NOT a support question! 
We have lost 37 websites in the last few days due to a BUG 
in the security update. Come on people! I provided a 
sample script not because I need help, but because I 
thought you did. We are hacking into the php core now to 
get it running again as we are a hosting service and ALL 
AND EVERY WEBSITE USING PHP's mkdir function do not work 
because of a problem (READ BUG) with the uid setup.
 [2002-03-13 10:02 UTC] mfischer@php.net
Which working version were you using prior ?
 [2002-03-13 10:05 UTC] jflemer@php.net
Is it creating the first directory "testfolder", or does it fail on the first mkdir()?
 [2002-03-13 10:23 UTC] rasmus@php.net
The second mkdir() will fail with a safe_mode restriction as it should.  This is not a bug.  Files or directories created by PHP when PHP is running as an Apache module will be owned by the Apache user id.  There is simply no way around that given the current state of Apache.  And the safe-mode restriction correctly restricts you from creating a directory inside a directory not owned by the same uid as the script.  The fact that it worked before was a security problem which was fixed.

If you want to be able to do something like this, you should consider using the open_basedir restriction mechanism where all these checks are done based on the base directory and anything the user does within/beneath that base directory is ok.  

Please read  http://www.php.net/manual/en/features.safe-mode.php and http://www.php.net/manual/en/configuration.php#ini.open-basedir
 [2002-04-16 12:58 UTC] byg at cf1 dot ru
Actually, this is not a completely bogus claim.
Problem is really in safe_mode.c and inconvenient
limitations of safe_mode (e.g. see BUG 7204).
Mmm, I set safe_mode_include_dir to '/var/www/web'
(so I assume that uid/gid of all scripts in '/var/www/web'
should be taken in account, is it?)
But I've got the same error as here. It's a bug anyway.
Problem was sligthly reduced by safe_mode_gid and
safe_mode_include_dir.
I see the only way:
to have an optional php setting for a group (list of such groups?) which may and can to create/own PHP-scripts though
they could not in the same group as php itself.
Typical usage:
developer teams with default different groups
(project1, project2 and so on) which differ with www/apache user gid. These groups should be explicitly specified in either php.ini or on per-server basis (php_admin_value).

Has it sense?
I'm confused by possible overhead on getgrnam.

Probably it affects files: safe_mode.c, main.c, php_ini.c.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu May 23 13:01:30 2019 UTC