php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17108 Safe Mode open_basedir doesn't check file UID but does dir UID
Submitted: 2002-05-08 23:21 UTC Modified: 2005-01-31 23:00 UTC
Votes:6
Avg. Score:4.7 ± 0.7
Reproduced:3 of 4 (75.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: php-bugs at icirc dot net Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 4.2.0 OS: FreeBSD 4.5-STABLE
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: php-bugs at icirc dot net
New email:
PHP Version: OS:

 

 [2002-05-08 23:21 UTC] php-bugs at icirc dot net
Hello,

I'm not sure if this is a bug, or whether it is meant to do this, however since it makes no sense, I figure it must be a bug.

Basically, when you use open_basedir, you should be able to open any files in basedir path, regardless of UID.

So if apache is expecting the user Alasdair, and it tries to access a file owned by a different user, it only allows this if this file resides in the basedir path.

If you create a directory with the correct user, and stick a file in it with the wrong user, this still works as long as the directory is in the basedir path.

However, if you change the ownership of this directory to an incorrect user, you can no longer access any of the files in that directory!

This seems quite mad, as the whole point of open_basedir is so you don't have to worry about ownerships so long as everything you access resides in the basedir.

The offending C file is safe_mode.c, which i've attempted to modify unsuccessfully, mostly due to the fact I have no idea whats going on in it. I could get it to always return 1, though ;)

The reason I require this is that I need to allow users to access files and directories created by apache, for some scripts that do this. Apache of course sets created files/dirs to its own UID. This is fine for files, but any directories created PHP won't access, due to this feature/bug.

I have searched the web, and asked in #PHP on openprojects, but couldn't turn up any information.

Any help is greatly appriciated, the only other solution would be to turn Safe Mode off.

Configure options:

./configure --with-apxs=/usr/local/psa/apache/bin/apxs --prefix=/usr/local/psa/apache --with-system-regex --with-config-file-path=/usr/local/psa/apache/conf --disable-debug --disable-pear --enable-sockets --enable-track-vars --with-gd=/usr/local/src/gd-1.8.4 --with-mysql=/usr/local/psa/mysql --with-iodbc=/usr/local/src/imap-2001a/libiodbc-3.0.5 --with-imap=/usr/local/src/imap-2001a

(Although i can replicate this problem even with the simplest setup, i don't think the local options cause this problem)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-20 14:41 UTC] mfischer@php.net
As far as I can see there's no uid checking done when only using open_basedir. You're most likely using safe mode enabled and therefore activated uid checking.

Or maybe I missed something?
 [2002-06-13 11:44 UTC] php-bugs at icirc dot net
The problem is when using both open_basedir AND php Safe Mode. Some people do actually want to use both!
 [2002-06-21 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Jan 26 08:01:24 2020 UTC