|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2002-06-20 00:04 UTC] moron at industrial dot org
There is a problem with PHP 4 and Apache 2.0 relating to checking of the UID and GID of scripts under safe_mode. The net result is that under safe_mode, all scripts fail. Here is an example error: SAFE MODE Restriction in effect. The script whose uid is -1 is not allowed to access /home/httpd/html/test.php owned by uid 0 in Unknown on line 0 Note that this is not for an include but the script itself. Also note the bogus UID. Here is a detailed description from another fellow I came across when researching this via Google which quite eloquently explains the problem: From: Victor Fernandes (Victor.Fernandes@comnet.be) Subject: Re: [PHP-INST] PHP 4.x and Apache 2.x Newsgroups: php.install Date: 2002-06-18 04:19:11 PST Just for the records and to give some hope ;-) I found where the problem is and patched the sources to fix the problem for me. I will not suggest or recommend my solution (patch) because this should be solved when PHP 4 will be fully supported with Apache 2.x. Yes I had this error certainly due to this combination (Apache 2.0.36 and PHP 4.2.1, Solaris 8, etc...) On file "./sapi/apache2filter/apache_config.c" changed the string "OR_NONE" on line 131, to "ACCESS_CONF|RSRC_CONF". Based on line 866 of file: "./sapi/apache/mod_php4.c" After that I was presented with a new nice error: Warning: SAFE MODE Restriction in effect. The script whose uid/gid is -1/-1 is not allowed..." For any file I was trying to access. This again is certainly due to the fact that this is experimental code for Apache 2.x. I found where the problem is and patched the sources too. For the curious and in case this is not yet known, the problem originates on the "./main/safe_mode.c" file, because the php_getuid() and php_getgid() functions always return -1. In fact the problem comes, even more deeply, from the php_statpage() or sapi_get_stat(). I decided not to go further and patched the php_getuid() and php_getgid() directly (on file "./ext/standard/pageinfo.c"). I've done this by checking the value that is supposed to be returned and if it is -1 go another way and get the correct executing script uid/gid. Victor Fernandes PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Mon Dec 30 14:01:28 2024 UTC |
Actually, the latest snapshot makes things worse in a way. To get it to install you need to turn off SAFE_MODE due to something with the PEAR section that creates a chicken and the egg scenario: make[1]: Entering directory `/usr/local/source/php4-200206192100' /usr/local/source/php4-200206192100/sapi/cli/php /usr/local/source/php4-200206192100/pear/install-pear.php /usr/local/source/php4-200206192100/pear/package-*.xml Warning: SAFE MODE Restriction in effect. The script whose uid is -1 is not allowed to access /usr/local/source/php4-200206192100/pear/PEAR.php owned by uid 100 in /usr/local/source/php4-200206192100/pear/install-pear.php on line 6 After turning off safe_mode and open_basedir temporarily, I managed to complete an install but then got a new error along with the old ones: SAFE MODE Restriction in effect. The script whose uid is -1 is not allowed to access /home/httpd/html/test.php owned by uid 0 in Unknown on line 0 Warning: (null)("/home/httpd/html/test.php") - Resource temporarily unavailable in Unknown on line 0 Warning: Failed opening '/home/httpd/html/test.php' for inclusion (include_path='.:/usr/local/lib/php') in Unknown on line 0 So this does appear to still be FUBAR in the current distribution. The "Resource temporarily unavailable" is a new error just so you know. Cheers