|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[1999-07-19 08:09 UTC] tecnica at microlink dot com dot br
[2001-02-10 13:35 UTC] jimw@php.net
[2001-11-11 14:23 UTC] sander@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue May 06 20:01:30 2025 UTC |
This problem was tested in two system?s Linux 2.2.9 with php3.0.11 running as module of apache 1.3.6 Linux 2.2.10 with php3.0.7 running as module of apache 1.3.6 Php3.ini config open_basedir= Some path in htdocs tree enablesafemode=On DocRoot=Dir of Apache root html files. httpd.conf DocumentRoot=Apache Root of htdocs It is possible to create a .php3 page that can copy files outside de DocRoot Tree : <? copy("/etc/passwd","passwd.copy") ?> => WORKS But <? fopen("/etc/passwd","R") ?> => FAIL becaus the open_basedir assignment. In Security section of Manual, says that Security in php3 instaled with modules is APACHE Security. In apache is impossible to httpd server with out a external script see files above of DocumentRoot Directive I want to know if its a config problem of my PHP3 + Apache installations or if it?s a BUG. I also want to know if there are other functions with this problem/caracteristics. I Saw in lists some problems like this, but they are in Windows NT OS. The answers to this problems are uncomplete and focus that NT is a insecure and with a lot of problems OS. But I can reproduce a similar problem in LINUX OS. Congratulations and keep doing the good work. Gomes, Marcio