Bug #17592 safe mode doesn't work as described in the manual
Submitted: 2002-06-04 06:17 UTC Modified: 2002-06-05 05:13 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (100.0%)
From: fontajos at phpeppershop dot org Assigned:
Status: Not a bug Package: *Configuration Issues
PHP Version: 4.1.2 OS: SuSE Linux 7.1 Professional
Private report: No CVE-ID: None
 [2002-06-04 06:17 UTC] fontajos at phpeppershop dot org
In the PHP manual (http://www.php.net/manual/en/features.safe-mode.php) the safe mode is described as follows. PHP should compare the UID of the script's owner to the UID of the file on which the script intends to operate. If the UIDs differ, the access to the file is denied.

If you test the following script, assuming you have a file called text.txt (file and directory properties not 0666!) in the same directory where the script is, it should work according to the PHP manual's description, but it doesn't. (You can execute the following script on our server, to see exactly the same result that I got here: http://phpserver.zhwin.ch/~fontajos/test/test2.php )

-------------
<?php
echo("<h1>Safe Mode bug</h1><br><br>");//title
clearstatcache();
echo ("<u>Script</u><br>");
echo ("This script's UID = ".getmyuid()." and GID = ".getmygid()."<br>");
echo ("The current user of this script is: ".get_current_user()."<br><br>");
echo ("<u>File</u><br>");
echo ("./text.txt's UID = ".fileowner("text.txt")."<br>");
$posix_array = posix_getpwuid(fileowner("text.txt"));
echo ("./text.txt's owner = ".$posix_array['name']."<br>");
//Some more fileinfos
if (file_exists("text.txt")) {
    echo ("File text.txt exists in this folder!<br>");
}
if (is_readable("text.txt")) {
    echo ("File text.txt is readable!<br>");
}
if (is_writeable("text.txt")) {
    echo("File text.txt is writeable!<br><br>");
} else {
    echo ("File text.txt is <b>not writeable</b>!<br><br>");
}
/*Try an operation which does not work although it should*/
chmod ("text.txt", 0666);
$fp = fopen ("text.txt", "r+");
fclose($fp);
chmod ("text.txt", 0644);
?>
--------------

To reproduce this behaviour, I used the following PHP configuration: http://phpserver.zhwin.ch/~fontajos/phpinfo.php

Since most of the providers enable the Safe Mode, it is really annoying that we currently need to give the directory and the specific file the file attributes 0666 to access them with enabled Safe Mode.

Best Regards

Jose Fontanil

 [2002-06-04 07:43 UTC] steffann@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

You are comparing the user who *runs* the script (as returned by getmyuid()) with the owner of file.txt.

Safe mode protection works not by looking at who runs the script, but by looking at who *owns* the script (as returned by fileowner("test2.php")).

To give access to the file, safe mode checks for:
fileowner("test2.php") == fileowner("text.txt")

 [2002-06-05 01:09 UTC] fontajos at phpeppershop dot org
Thank you for the quick reply.

You write that PHP does the following comparison:

fileowner("test2.php") == fileowner("text.txt");

I tried this within a new script, and both test2.php and text.txt do have the same UID.

Test:

<?php
echo (fileowner("test3.php")."  = ".fileowner("text.txt"));
?>

(You can run this script here:


But still it isn't possible to write to this file or use chmod as mentioned in the php manual (http://www.php.net/manual/en/features.safe-mode.php).
 [2002-06-05 01:20 UTC] fontajos at phpeppershop dot org
...sorry, that was the submit button, a little bit too fast ;-).

You can run the above mentioned script here: http://phpserver.zhwin.ch/~fontajos/test/test2.php

The comparison is entitled as fileownership comparison, at the very bottom.
 [2002-06-05 03:48 UTC] steffann@php.net
Sorry, I made a mistake in my response. getmyuid() actually DOES give you the owner of the script, not the user which is running the script.

We are looking in the wrong direction here... The error you get is not from safe-mode. Like you have shown with
fileowner("test2.php") == fileowner("text.txt")
the restrictions for safe-mode are met.

It is the normal UN*X file-access checks that prevent you from writing to the file. As you can see from
-rwxr-xr-x 1 fontajos users 29 Mai 3 07:17 text.txt
the file may only be opened for writing by user fontajos. Group users and the rest of the users can only open it for reading and executing (which is a bit strange for a textfile). The user your webserver runs as obviously is not user fontajos, so it cannot write to the file.

The solution is to change the access restrictions of the file in a way that the webserver can open it for writing. The easiest way is to give _everybody_ write access to the file (chmod a+w file.txt) but that is not very safe. If your system supports ACLs, using them would be a much better option.

The best thing to do is to ask your ISP/sysadmin/guru what the best option is for the webserver you are using.

 [2002-06-05 04:08 UTC] fontajos at phpeppershop dot org
Thanks for the prompt reply,

It looks like this seems to be the problem it still is. Since PHP installed as an Apache DSO Module runs every script under the apache's owner, nobody can use the functions that are restricted by the safe_mode because the ownership comparison will always be false (unless the files belong to the apache user)...

This situation is unfortunately a bit sad, because if safe_mode would compare the ownership of the script that is running to the owner of the file to operate on, it would be no problem to use the functions restricted by safe mode... still providing the same security... 

I propose that this could maybe be changed in a future PHP version. I hope that you still read this message, since I don't change the status to open again.

thanks anyway

Jose
 [2002-06-05 05:13 UTC] steffann@php.net
Hi Jose,

Of course I read your replies :)

This problem is exactly why we don't use safe-mode on our webservers, and why I made the first implementation of the open_basedir option some years ago (PHP3).

Good luck,
Sander.
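
The two checks separated in the 03:48 UTC reply above (the safe-mode owner comparison and the ordinary UN*X permission bits) can be evaluated side by side. The following is an added diagnostic sketch, not code from the bug report or from PHP itself; it models only the owner comparison quoted in the thread, and the function name `diagnose_write`, the UIDs/GIDs and the command-line argument are assumptions made for illustration.

```php
<?php
// Added diagnostic, not from the bug report. Evaluates separately the two
// checks discussed in the thread: the safe-mode owner comparison and the
// UN*X permission bits applied to the web server process.

/**
 * Report which layer would refuse a write. All arguments are plain integers
 * so the function can be exercised with constructed values.
 */
function diagnose_write(int $scriptUid, int $fileUid, int $fileGid, int $mode,
                        int $procUid, array $procGids): array
{
    // Safe-mode style check: owner of the script vs. owner of the target file.
    $safeModeOk = ($scriptUid === $fileUid);

    // Kernel check: exactly one permission class applies to the process.
    if ($procUid === 0) {
        $unixOk = true;                      // root bypasses the mode bits
    } elseif ($procUid === $fileUid) {
        $unixOk = (bool) ($mode & 0200);     // owner write bit
    } elseif (in_array($fileGid, $procGids, true)) {
        $unixOk = (bool) ($mode & 0020);     // group write bit
    } else {
        $unixOk = (bool) ($mode & 0002);     // other write bit
    }
    return ['safe_mode_check' => $safeModeOk, 'unix_write' => $unixOk];
}

// Constructed values modelled on the thread: script and file share one owner
// (UID 1000, GID 100: hypothetical), mode 0755 as in the ls line, and the web
// server runs as a different account (UID/GID 65534: hypothetical).
var_dump(diagnose_write(1000, 1000, 100, 0755, 65534, [65534]));

// Live use against a real file when the posix extension is available.
$target = $argv[1] ?? null;                  // hypothetical CLI argument
if ($target !== null && file_exists($target) && function_exists('posix_geteuid')) {
    clearstatcache();
    $groups = array_merge([posix_getegid()], posix_getgroups() ?: []);
    var_dump(diagnose_write(
        getmyuid(), fileowner($target), filegroup($target),
        fileperms($target) & 0777, posix_geteuid(), $groups
    ));
}
```

When `safe_mode_check` is true and `unix_write` is false, the denial comes from the file mode, and the narrowest fix is to grant write access to the web server account only (a group the server belongs to, or an ACL entry) rather than `a+w`.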

 
Last updated: Tue Oct 04 06:05:54 2022 UTC