|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17466 Safe mode uid -1 bug
Submitted: 2002-05-27 20:45 UTC Modified: 2002-09-23 13:56 UTC
Avg. Score:4.9 ± 0.3
Reproduced:8 of 8 (100.0%)
Same Version:4 (50.0%)
Same OS:5 (62.5%)
From: cjones at dualboot dot net Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4.2.1 OS: Linux 2.4.7-10
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: cjones at dualboot dot net
New email:
PHP Version: OS:


 [2002-05-27 20:45 UTC] cjones at dualboot dot net
When safe mode is on php is unable to determine the uid of the running script, it reports it as -1.  As you might imagine, this completely breaks the utility of safe mode with respect to file access.  Also, the same bug occurs when using safe_mode_gid (it reports the gid as -1 as well).  Note that it does get the appropriate uid/gid for the file that is attempted to be accessed.

I am running Apache 2.0.36 and the newest version of PHP (4.2.1).

I did some poking around and I think I found out what's going on.  In ext/standard/pageinfo.c, php_statpage() tries to determine and stat the running script file like so:

       pstat = sapi_get_stat(TSRMLS_C);
        if (BG(page_uid)==-1 || BG(page_gid)==-1) {
                if(pstat) {
                        BG(page_uid)   = pstat->st_uid;
                        BG(page_gid)   = pstat->st_gid;
                        BG(page_inode) = pstat->st_ino;
                        BG(page_mtime) = pstat->st_mtime;

pstat is not properly set by sapi_get_stat() (from main/SAPI.c) so the page_uid et al values are not changed, and retain their defaults (-1).

I looked around a bit to see if I could make a workaround by stating the script file without using sapi_get_stat but I couldn't figure out what variable contained the script filename.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-27 20:53 UTC] cjones at dualboot dot net
Little bit of extra info (which may or may not be helpful), OS version:
Linux version 2.4.7-10smp ( (gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)) #1 SMP Thu 
Sep 6 17:09:31 EDT 2001

Apache config commands:
./configure --prefix=/usr/local/apache --enable-so --enable-rewrite=shared --enable-ssl=shared --enable-suxec=shared

PHP config commands:
./configure --with-mysql=/usr/local/mysql --with-apxs2=/usr/local/apache/bin/apxs
 [2002-05-28 01:15 UTC] cjones at dualboot dot net

I installed the CVS release (4.3.0-dev) and the problem still exists there.  I switched over to the CGI/commandline install of PHP (4.2.1) and it works correctly (i.e. when safe_mode is on it gets the correct uid of the file owner).
 [2002-05-28 02:24 UTC]
reclassify as an apache 2 issue
 [2002-06-20 03:07 UTC] brian at brian-web dot com
I hit the same problem too with apache 2.0.36/php 4.2.1. I figured out where the problem was and fixed it. The apache2filter sapi module wasn't implementing a get_stat function. You can grab the patch from:

I'm not too familiar with the Apache2 or PHP source, so someone else should probably take a look at it. Basically, it takes the apr_finfo_t struct from apache and converts it back to a struct stat for php.
 [2002-06-20 15:14 UTC] brian at brian-web dot com
That patch I just posted is broken with Apache 2.0.39, apparently the finfo struct isn't filled in 2.0.39 at the point that I was accessing it. (Its all 0s). If you move the call to php_apr_finfo2stat to php_apache_get_stat it works, but then its runs everytime php_apache_get_stat is called, which I was trying to avoid.
 [2002-08-23 16:40 UTC] shollatz at d dot umn dot edu
While this may have been assigned as an Apache 2.x problem,
I observe safe_mode_gid not working for most GIDs, works
for a few, regardless whether the user's GID set includes

The environment is Apache 1.3.26 with PHP 4.2.2 as a module,
under Solaris 2.8.
 [2002-08-29 15:09 UTC] slamb at slamb dot org
See <> - patch available at <>.
 [2002-09-16 10:30 UTC]
Must be fixed before 4.3.0
 [2002-09-23 13:56 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

 [2002-12-17 04:38 UTC] romio at aduva dot com
I have the same problem with safe mode "uid -1" in apache 1.3.27 php 4.2.3 on Redhat 7.1
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Mar 03 23:01:32 2024 UTC