php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17536 safe_mode_include_dir does not work properly with symbolic links.
Submitted: 2002-05-30 20:17 UTC Modified: 2005-01-31 22:59 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (33.3%)
From: mburger at netbeyond dot de Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 4.2.1 OS: Linux (SuSE)
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2002-05-30 20:17 UTC] mburger at netbeyond dot de
Hello,

I think safe_mode_include_dir does not work properly with symbolic
links. Here my configuration:


<VirtualHost 134.96.x.y>
    DocumentRoot /kunden/hosting/server/doma.in/sub/htdocs
    ServerName sub.doma.in

    <IfModule mod_php4.c>
        php_admin_value safe_mode 1
        php_admin_value safe_mode_exec_dir /usr/bin
        php_admin_value safe_mode_include_dir /kunden/hosting/server/doma.in/sub

        php_admin_value open_basedir /kunden/hosting/server/doma.in/sub

        php_admin_value upload_tmp_dir /kunden/hosting/server/doma.in/sub/tmp

        php_admin_value include_path .:/kunden/hosting/server/doma.in/sub/lib_php

        php_admin_value error_reporting 2023
    </IfModule>


</VirtualHost>


I copied

    /usr/local/lib/php/.

to

    /kunden/hosting/server/doma.in/sub/lib_php/

(PEAR).

Everthing in .../sub/lib_php/. is owned by root.root, the remaining
files and dirs in .../sub/ by vs1.www

If I try to include 'System.php' I get this error:

    Warning: SAFE MODE Restriction in effect. The script whose uid is
    504 is not allowed to access
    /kunden/hosting/server/doma.in/sub/lib_php/System.php owned by uid
    0 in /var/www/doma.in/sub/htdocs/index.php on line 9

You should know there is a symbolic link:

    /kunden/hosting/server -> /var/www


If I change the line with safe_mode_include_dir as following
    
    php_admin_value safe_mode_include_dir /var/www/doma.in/sub

the include statements works as expected.

Regards,
   Martin

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-10-24 15:50 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2002-11-09 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Thu Dec 13 21:01:26 2018 UTC