PHP :: Bug #17108 :: Safe Mode open_basedir doesn't check file UID but does dir UID

Bug #17108

Safe Mode open_basedir doesn't check file UID but does dir UID

Submitted:

2002-05-08 23:21 UTC

Modified:

2005-01-31 23:00 UTC

Votes:	6
Avg. Score:	4.7 ± 0.7
Reproduced:	3 of 4 (75.0%)
Same Version:	3 (100.0%)
Same OS:	3 (100.0%)

From:

php-bugs at icirc dot net

Assigned:

Status:

No Feedback

Package:

Safe Mode/open_basedir

PHP Version:

4.2.0

OS:

FreeBSD 4.5-STABLE

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!

Your email address: MUST BE VALID
Solve the problem: 32 + 25 = ?
Subscribe to this entry?

[2002-05-08 23:21 UTC] php-bugs at icirc dot net

Hello,

I'm not sure if this is a bug, or whether it is meant to do this, however since it makes no sense, I figure it must be a bug.

Basically, when you use open_basedir, you should be able to open any files in basedir path, regardless of UID.

So if apache is expecting the user Alasdair, and it tries to access a file owned by a different user, it only allows this if this file resides in the basedir path.

If you create a directory with the correct user, and stick a file in it with the wrong user, this still works as long as the directory is in the basedir path.

However, if you change the ownership of this directory to an incorrect user, you can no longer access any of the files in that directory!

This seems quite mad, as the whole point of open_basedir is so you don't have to worry about ownerships so long as everything you access resides in the basedir.

The offending C file is safe_mode.c, which i've attempted to modify unsuccessfully, mostly due to the fact I have no idea whats going on in it. I could get it to always return 1, though ;)

The reason I require this is that I need to allow users to access files and directories created by apache, for some scripts that do this. Apache of course sets created files/dirs to its own UID. This is fine for files, but any directories created PHP won't access, due to this feature/bug.

I have searched the web, and asked in #PHP on openprojects, but couldn't turn up any information.

Any help is greatly appriciated, the only other solution would be to turn Safe Mode off.

Configure options:

./configure --with-apxs=/usr/local/psa/apache/bin/apxs --prefix=/usr/local/psa/apache --with-system-regex --with-config-file-path=/usr/local/psa/apache/conf --disable-debug --disable-pear --enable-sockets --enable-track-vars --with-gd=/usr/local/src/gd-1.8.4 --with-mysql=/usr/local/psa/mysql --with-iodbc=/usr/local/src/imap-2001a/libiodbc-3.0.5 --with-imap=/usr/local/src/imap-2001a

(Although i can replicate this problem even with the simplest setup, i don't think the local options cause this problem)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-05-20 14:41 UTC] mfischer@php.net

As far as I can see there's no uid checking done when only using open_basedir. You're most likely using safe mode enabled and therefore activated uid checking.

Or maybe I missed something?

[2002-06-13 11:44 UTC] php-bugs at icirc dot net

The problem is when using both open_basedir AND php Safe Mode. Some people do actually want to use both!

[2002-06-21 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Fri Dec 08 00:01:30 2023 UTC