Bug #18500 Safe mode: php reports wrong uid on file
Submitted: 2002-07-23 12:31 UTC Modified: 2002-11-09 01:00 UTC
Votes:17
Avg. Score:4.3 ± 0.7
Reproduced:15 of 15 (100.0%)
Same Version:1 (6.7%)
Same OS:7 (46.7%)
From: b dot courtin at t-online dot net Assigned:
Status: No Feedback Package: PHP options/info functions
PHP Version: 4.2.1 OS: Solaris 2.8
Private report: No CVE-ID: None

 [2002-07-23 12:31 UTC] b dot courtin at t-online dot net
Hi,

when using SAFE_MODE = ON, php reports a wrong uid on a file to be served. 

It reports file has uid=1 although it should report (and therefore serve the page) uid=2003.

Details: I will get the following error:

--------
[23-Jul-2002 17:47:06] PHP Warning:  SAFE MODE Restriction in effect.  The script whose uid/gid is 1/2003 is not allowed to access /a/b/c/d/e/partner_sets.inc owned by uid/gid 2003/1082 in /w/x/y/z/login_tol.html on line 13
[23-Jul-2002 17:47:06] PHP Fatal error:  Failed opening required '/a/b/c/d/e/partner_sets.inc' (include_path='.:/opt/php-4.2.1/lib/php') in /w/x/y/z/login_tol.html on line 13
---------

Where "/a/b/c/d/e/partner_sets.inc" is included from "/w/x/y/z/login_tol.html" which is part of a frame of "/w/x/y/index.html". (<frame src="/z/login_tol.html"...>)

It seems that the uid which is reported is wrong (1) and the gid which is reported (2003) is the uid which should be reported (see below).

File ownership/permissions are as follows:
--------------------------------------------

ls -la /w/x/y/index.html
-rw-r-----   1 webadmin httpd       3106 Nov  2  2001 /w/x/y/index.html

ls -la  /w/x/y/z/login_tol.html
-rw-r-----   1 webadmin httpd      15343 Apr 15 10:56 /w/x/y/z/login_tol.html

ls -la  /a/b/c/d/e/partner_sets.inc
-rwxr-----   1 webadmin httpd        897 Feb 26 20:20 /a/b/c/d/e/partner_sets.inc


User / group IDs are:
-----------------------
# id httpd
uid=2002(httpd) gid=1082(httpd)

# id webadmin
uid=2003(webadmin) gid=1082(httpd)


The apache server is running as uid/group httpd/httpd.

Kind regards,
Bert Courtin

 [2002-09-29 22:29 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

If you still experience this problem, please include the info about the Web Server you are using in your reply.
 [2002-10-15 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2002-10-24 02:56 UTC] b dot courtin at t-online dot net
Hi,

first of all thank you for working on this bug.

Unfortunately I have to report that with php-4.3.0-pre1 the bug is still there (see output below). Webserver used is apache-1.3.27 on solaris 2.8 (bug also was there with apache-1.3.26). 

PHP still reports "script with uid=1 ..." User id 1 belongs to: bash-2.03$ id daemon: uid=1(daemon) gid=1(other). apache is started as user webadmin, uid's and file permissions see below.


Kind regards,
Bert Courtin


---
[24-Okt-2002 09:39:55] PHP Warning:  file_exists() [<a href='http://www.php.net/function.file-exists'>function.file-exists</a>]: SAFE MODE Restriction in effect.  The script whose uid is 1 is not allowed to access /a/b/c/d/e/f/g/themes_d.string owned by uid 2003 in /w/x/y/z/main_uebersicht.html on line 124
bash-2.03$ ls -la /a/b/c/d/e/f/g/themes_d.string
-rw-r-----   1 webadmin httpd      10772 Feb 26  2002 /a/b/c/d/e/f/g/themes_d.string
bash-2.03$ ls -la /w/x/y/z/main_uebersicht.html
-rw-r-----   1 webadmin httpd      16111 Jun 19 17:53 /w/x/y/z/main_uebersicht.html
bash-2.03$ id webadmin
uid=2003(webadmin) gid=1083(web)
bash-2.03$ id httpd
uid=2002(httpd) gid=1082(httpd)
bash-2.03$ ps -ef | grep httpd | head -1
webadmin 20534 20514  0 09:37:58 ?        0:00 /opt/apache-1.3.27/daybyday/bin/httpd -DSSL
bash-2.03$
 [2002-10-24 12:19 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


Forget the pre1, use the snapshot. And if it really doesn't work, update the version to '4.3.0-dev'.

 [2002-11-09 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2002-12-30 14:28 UTC] westman dot 2 at osu dot edu
I have been working with trying to get safe_mode to work for almost a week.  I have used a number of versions for php, including the recently released 4.3.0 and all of them are giving me this same error message.  I have searched the Internet (Google) as well as bugs.php.net, all to no avail.

In fact, if I have safe_mode on, I am unable to include any file from ANY directory, even the cwd, unless it is owned by 1 (even though "." is enabled both in the include_path and in the safe_mode_include_dirs statements in php.ini):

Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 1/5004 is not allowed to access ./prepend.php owned by uid/gid 0/1 in Unknown
on line 0

Warning: Unknown(prepend.php): failed to create stream: No such file or directory in Unknown on line 0

Warning: Unknown(): Failed opening 'prepend.php' for inclusion (include_path='.:/opt/apache/php:/opt/apache/php/lib:/opt/apache/php/inc') in Unknown on line 0

Is it possible that safe_mode just doesn't work on Solaris?
 [2003-02-26 18:39 UTC] rohan at cs dot rmit dot edu dot au
Also suffering this bug in 4.3.1/apache 1.3.27 

compiled using Sun workshop 7 on Solaris 8 Sparc 

exact same errors, ie 

reported uid always = 1 
reported gid = file's uid 

on all file operations fopen() include etc... 

any progress on this ?
 [2003-02-26 18:48 UTC] rohan at cs dot rmit dot edu dot au
Another comment, 

  also looks related to 12683, I also have compiled 
in mod_perl 1.x .... will try to compile without 
mod_perl and see what happens :) 

do I need to submit this as a new bug ? or will 
this one be re-opened ? 

Cheers 

Rohan
 [2003-11-10 12:11 UTC] ksvee at usit dot uio dot no
I still experience this bug for php-4.3.4/apache-1.3.29.

It seems to have been fixed in 4.2.3 (as this is the only newer version of PHP that works for us on Solaris 8 (SunOS Release 5.8)) and reintroduced in 4.3.X. From 4.3.0 through 4.3.4 this persists. The snapshots tested gave no different results to the releases.

On linux (RedHat 7.3 through 9) this has never been a problem. We use a non-standard setup, but have the same configure parameters on both architectures (with the exception of compiler used; gcc on linux, cc on solaris).

I've tried using "--with-apxs=/path/to/apxs --prefix=/path/to/prefix" as the only options to configure to no avail.

Error message from tests today (php-4.3.4 release), using the above options to configure:

PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid is 1 is not allowed to access /full/path/to/script.php owned by uid 0 in Unknown on line 0

From php.ini: safe_mode = On

'script.php' is owned by root, so what bothers me is that it at one point finds that the running script (script.php) has uid=1, and at another finds it to be uid=0 (which is correct as fileowner=root => uid=0). Changing owner of script.php does nothing (except getting another uid in the error.log), unless that user has uid=1.

In script.php I do an fopen() on 'file.txt'. After doing a 'chmod 1 script.php' the script executes, but I get the same error message (followed by a PHP Warning that fopen failed) unless I also do a chmod on file.txt. When both files have uid=1, the script works.

Rgds,
Kenneth Svee
 [2007-01-31 10:55 UTC] priappub at yahoo dot fr
On Solaris 10 (11/06) with apache 2.0.58 and PHP 5.1.6, I 
have the same problem. It seems like php_getuid() returns 1 
instead of the UID of the script.
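
The symptom reported in this thread can be checked mechanically against an error log. The following is an added example, not part of the original report and not PHP's own code: it parses both shapes of the SAFE MODE warning quoted above and compares the script uid PHP reported with the owner an administrator reads from `ls -n` or `stat`. The function names and finding labels are hypothetical; the two sample lines are copied from the reports above.

```python
import re

# Matches both message shapes seen in this thread:
#   "uid/gid is 1/2003 ... owned by uid/gid 2003/1082"  and  "uid is 1 ... owned by uid 2003"
SAFE_MODE_RE = re.compile(
    r"SAFE MODE Restriction in effect\.\s+"
    r"The script whose uid(?:/gid)? is (?P<s_uid>\d+)(?:/(?P<s_gid>\d+))? "
    r"is not allowed to access (?P<path>.+?) "
    r"owned by uid(?:/gid)? (?P<f_uid>\d+)(?:/(?P<f_gid>\d+))?"
)

def parse_safe_mode_warning(line):
    """Return the ids PHP printed in a SAFE MODE warning, or None if the line is unrelated."""
    m = SAFE_MODE_RE.search(line)
    if m is None:
        return None
    opt = lambda v: int(v) if v is not None else None
    return {
        "path": m.group("path"),
        "script_uid": int(m.group("s_uid")),
        "script_gid": opt(m.group("s_gid")),
        "file_uid": int(m.group("f_uid")),
        "file_gid": opt(m.group("f_gid")),
    }

def check_against_stat(rec, real_script_uid):
    """Compare what PHP reported with the script owner obtained independently
    (e.g. os.stat(script).st_uid on the affected host)."""
    findings = []
    if rec["script_uid"] != real_script_uid:
        findings.append("reported-script-uid-mismatch")
    if rec["script_gid"] is not None and rec["script_gid"] == real_script_uid:
        findings.append("real-uid-appears-in-gid-field")
    if rec["file_uid"] == real_script_uid:
        # Script and target share an owner, so the access should have been allowed.
        findings.append("owners-actually-match")
    return findings

# Lines copied from the reports above (2002-07-23 and 2002-10-24).
SAMPLE_UIDGID = ("[23-Jul-2002 17:47:06] PHP Warning:  SAFE MODE Restriction in effect.  "
                 "The script whose uid/gid is 1/2003 is not allowed to access "
                 "/a/b/c/d/e/partner_sets.inc owned by uid/gid 2003/1082 in "
                 "/w/x/y/z/login_tol.html on line 13")
SAMPLE_UID = ("PHP Warning:  file_exists(): SAFE MODE Restriction in effect.  "
              "The script whose uid is 1 is not allowed to access "
              "/a/b/c/d/e/f/g/themes_d.string owned by uid 2003 in "
              "/w/x/y/z/main_uebersicht.html on line 124")

if __name__ == "__main__":
    for line in (SAMPLE_UIDGID, SAMPLE_UID):
        rec = parse_safe_mode_warning(line)
        # 2003 is webadmin's uid per the `id webadmin` output in the report.
        print(rec["path"], check_against_stat(rec, real_script_uid=2003))
```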
 