php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18110 open_basedir parsing error
Submitted: 2002-07-02 10:20 UTC Modified: 2005-01-31 23:22 UTC
Votes:8
Avg. Score:4.6 ± 0.7
Reproduced:7 of 7 (100.0%)
Same Version:1 (14.3%)
Same OS:1 (14.3%)
From: corvuscrow at angelfire dot com Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 4.2.1 OS: RedHat 7.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: corvuscrow at angelfire dot com
New email:
PHP Version: OS:

 

 [2002-07-02 10:20 UTC] corvuscrow at angelfire dot com 
Hi

As documented in the php manuals, open-basedir restricts the access to the specified directory and works as a prefix. So when I set "open_basedir=/www/1", I can access all directories staring with /www/1 (e.g. /www/10) with e.g. opendir(). To deavtivate the prefix-feature, the manual suggested to add a slash (/www/1/) to make the path absolute. 

The problem is that I am still able to access e.g. /www/10 with opendir(). I launched the sample script below from inside /www/3 and got a list of all other directories. However, access to e.g. /www/4 is blocked; so I assume it's a bug in the parsing of the path. The httpd.conf for this account contains the following directive: php_admin_value open_basedir /www/3/ so it should be safe (as documented in the php manual)


<?
getdir("/www/3/");
getdir("/www/30/");
getdir("/www/300");

function getdir ($directory)
        {
        print "<b>Trying $directory...</b><br>\n";
        if ($dir = @opendir("$directory"))
                {
                while (($file = readdir($dir)) !== false)
                        {
                        echo "$file<br>\n";
                        }
                closedir($dir);
                }
        print "<br><br>\n";
        }
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-02 10:24 UTC] sander@php.net 
Does phpinfo() show the right values for open_basedir? If not, you probably forgot to restart your Apache.
 [2002-07-02 10:49 UTC] corvuscrow at angelfire dot com 
phpinfo() displays the correct info, with the slash at the end. During testing and looking for a way to fix this, I have restarted Apache serveral times.

As long as I know the name of the directory of another user who has the path to my account as a prefix, I can access it. 

It also looks like this works on w2k servers. 

btw, sorry for the double posting before.
 [2002-08-03 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 16 22:01:27 2024 UTC