Bug #18110 open_basedir parsing error
Submitted: 2002-07-02 10:20 UTC
Modified: 2005-01-31 23:22 UTC
Votes: 8
Avg. Score: 4.6 ± 0.7
Reproduced: 7 of 7 (100.0%)
Same Version: 1 (14.3%)
Same OS: 1 (14.3%)
From: corvuscrow at angelfire dot com
Assigned:
Status: No Feedback
Package: Safe Mode/open_basedir
PHP Version: 4.2.1
OS: RedHat 7.2
Private report: No
CVE-ID: None
 [2002-07-02 10:20 UTC] corvuscrow at angelfire dot com
Hi

As documented in the php manuals, open_basedir restricts the access to the specified directory and works as a prefix. So when I set "open_basedir=/www/1", I can access all directories starting with /www/1 (e.g. /www/10) with e.g. opendir(). To deactivate the prefix-feature, the manual suggested to add a slash (/www/1/) to make the path absolute.

The problem is that I am still able to access e.g. /www/10 with opendir(). I launched the sample script below from inside /www/3 and got a list of all other directories. However, access to e.g. /www/4 is blocked; so I assume it's a bug in the parsing of the path. The httpd.conf for this account contains the following directive: php_admin_value open_basedir /www/3/ so it should be safe (as documented in the php manual).


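<?php
// Reproduction script: run from the account whose open_basedir is /www/3/
getdir("/www/3/");
getdir("/www/30/");
getdir("/www/300");

// Try to list $directory; nothing is listed under the heading if opendir() is refused.
function getdir($directory)
{
    print "<b>Trying $directory...</b><br>\n";
    // @ suppresses the warning raised when open_basedir blocks the call
    if ($dir = @opendir($directory)) {
        while (($file = readdir($dir)) !== false) {
            echo "$file<br>\n";
        }
        closedir($dir);
    }
    print "<br><br>\n";
}
?>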
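The documented prefix semantics the report refers to, modeled as an added example (not code from the report and not PHP's internal open_basedir check). The directory list is constructed from the paths named in the report, and the helper names `prefix_allows`, `as_dir` and `exposed_siblings` are hypothetical.

```php
<?php
// Added example: a model of plain string-prefix matching, used to audit
// which sibling directories an open_basedir value would expose.

// True when $path falls under $basedir by string-prefix comparison.
function prefix_allows(string $basedir, string $path): bool
{
    return strncmp($path, $basedir, strlen($basedir)) === 0;
}

// Directories are compared with a trailing slash, so "/www/3" and "/www/3/"
// name the same directory.
function as_dir(string $path): string
{
    return rtrim($path, '/') . '/';
}

// Directories that $basedir admits as a prefix but that lie outside the
// directory it names (i.e. siblings such as /www/30 for /www/3).
function exposed_siblings(string $basedir, array $dirs): array
{
    $own = as_dir($basedir);
    $exposed = [];
    foreach ($dirs as $dir) {
        $candidate = as_dir($dir);
        if (prefix_allows($basedir, $candidate) && !prefix_allows($own, $candidate)) {
            $exposed[] = $dir;
        }
    }
    return $exposed;
}

// Constructed sample layout, using the paths mentioned in the report.
$dirs = ['/www/1', '/www/10', '/www/3', '/www/3/uploads', '/www/30', '/www/300', '/www/4'];

// Compare the value without and with the trailing slash.
foreach (['/www/3', '/www/3/'] as $value) {
    $exposed = exposed_siblings($value, $dirs);
    printf(
        "open_basedir=%s exposes: %s\n",
        $value,
        $exposed ? implode(', ', $exposed) : 'no sibling directories'
    );
}
```

Under this model only the value without the trailing slash admits `/www/30` and `/www/300`, which is the baseline against which the behaviour reported above can be compared.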

 [2002-07-02 10:24 UTC] sander@php.net
Does phpinfo() show the right values for open_basedir? If not, you probably forgot to restart your Apache.
 [2002-07-02 10:49 UTC] corvuscrow at angelfire dot com
phpinfo() displays the correct info, with the slash at the end. During testing and looking for a way to fix this, I have restarted Apache several times.

As long as I know the name of the directory of another user who has the path to my account as a prefix, I can access it. 

It also looks like this works on w2k servers. 

btw, sorry for the double posting before.
 [2002-08-03 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Mon Dec 09 23:01:27 2024 UTC