Bug #18110 open_basedir parsing error
Submitted: 2002-07-02 10:20 UTC Modified: 2005-01-31 23:22 UTC
Votes:8
Avg. Score:4.6 ± 0.7
Reproduced:7 of 7 (100.0%)
Same Version:1 (14.3%)
Same OS:1 (14.3%)
From: corvuscrow at angelfire dot com Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 4.2.1 OS: RedHat 7.2
Private report: No CVE-ID: None
 [2002-07-02 10:20 UTC] corvuscrow at angelfire dot com
Hi

As documented in the PHP manuals, open_basedir restricts the access to the specified directory and works as a prefix. So when I set "open_basedir=/www/1", I can access all directories starting with /www/1 (e.g. /www/10) with e.g. opendir(). To deactivate the prefix-feature, the manual suggested to add a slash (/www/1/) to make the path absolute.

The problem is that I am still able to access e.g. /www/10 with opendir(). I launched the sample script below from inside /www/3 and got a list of all other directories. However, access to e.g. /www/4 is blocked; so I assume it's a bug in the parsing of the path. The httpd.conf for this account contains the following directive: php_admin_value open_basedir /www/3/ so it should be safe (as documented in the php manual).


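<?php
// Run from inside /www/3 with: php_admin_value open_basedir /www/3/
getdir("/www/3/");   // inside the configured base directory
getdir("/www/30/");  // sibling directory that only shares the prefix
getdir("/www/300");  // another sibling sharing the prefix

// Print every entry of $directory, or nothing if opendir() is refused.
function getdir ($directory)
        {
        print "<b>Trying $directory...</b><br>\n";
        // @ suppresses the open_basedir warning when access is denied
        if ($dir = @opendir("$directory"))
                {
                while (($file = readdir($dir)) !== false)
                        {
                        echo "$file<br>\n";
                        }
                closedir($dir);
                }
        print "<br><br>\n";
        }
?>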

 [2002-07-02 10:24 UTC] sander@php.net
Does phpinfo() show the right values for open_basedir? If not, you probably forgot to restart your Apache.
 [2002-07-02 10:49 UTC] corvuscrow at angelfire dot com
phpinfo() displays the correct info, with the slash at the end. During testing and looking for a way to fix this, I have restarted Apache several times.

As long as I know the name of the directory of another user who has the path to my account as a prefix, I can access it. 

It also looks like this works on w2k servers. 

btw, sorry for the double posting before.
 [2002-08-03 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
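
The prefix behaviour described in the original report, as an added example that is not part of this bug thread and is not PHP's source code. It models the documented string-prefix rule next to a hypothetical component-boundary check, on constructed paths that follow the /www/3 layout from the report, and assumes every path is already a canonical absolute path.

```c
#include <stdio.h>
#include <string.h>

/* Documented rule: open_basedir is compared as a plain string prefix.
 * Assumption: both arguments are already canonical absolute paths. */
int prefix_allows(const char *basedir, const char *path)
{
    return strncmp(basedir, path, strlen(basedir)) == 0;
}

/* Hypothetical boundary-aware check (not PHP's implementation): the match
 * must end on a path component boundary, so the result is the same with or
 * without a trailing slash on basedir. */
int boundary_allows(const char *basedir, const char *path)
{
    size_t n = strlen(basedir);

    while (n > 1 && basedir[n - 1] == '/')  /* drop trailing slashes, keep "/" */
        n--;
    if (strncmp(basedir, path, n) != 0)
        return 0;
    if (n == 1 && basedir[0] == '/')        /* basedir is the filesystem root */
        return 1;
    return path[n] == '\0' || path[n] == '/';
}

int main(void)
{
    /* Constructed sample values, following the layout in the report. */
    const char *bases[] = { "/www/3", "/www/3/" };
    const char *paths[] = { "/www/3/a.php", "/www/30/", "/www/300", "/www/4/" };
    size_t b, p;

    for (b = 0; b < sizeof bases / sizeof bases[0]; b++)
        for (p = 0; p < sizeof paths / sizeof paths[0]; p++)
            printf("basedir=%-8s path=%-13s prefix=%d boundary=%d\n",
                   bases[b], paths[p],
                   prefix_allows(bases[b], paths[p]),
                   boundary_allows(bases[b], paths[p]));
    return 0;
}
```

Under the plain prefix rule only the trailing slash separates /www/3 from /www/30, which is why the report's configuration depends on it.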
 
Last updated: Tue Dec 03 18:01:30 2024 UTC