PHP :: Bug #18823 :: open_basedir not working for include() or readfile()

Bug #18823

open_basedir not working for include() or readfile()

Submitted:

2002-08-09 00:01 UTC

Modified:

2005-01-31 22:40 UTC

Votes:	2
Avg. Score:	3.5 ± 0.5
Reproduced:	1 of 2 (50.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

matt at haught dot com

Assigned:

Status:

Closed

Package:

Safe Mode/open_basedir

PHP Version:

4.2.2

OS:

FreeBSD-4.4-RELEASE

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2002-08-09 00:01 UTC] matt at haught dot com

I am using an Aug 6th cvs build of php4 on apache-1.3.26.  I have chrooted apache and I also wanted to use open_basedir to help improve security between users.  My open_basedir is set to "/www/admin/:/www/global.include/", and to test open_basedir i created /www/admin/basedir.php which contains:
<?php
echo 'Include test<br>'
include("/etc/resolv.conf");
echo '<br><br>Readfile test <br>';
echo readfile("/etc/resolv.conf");
?>
The result is the printing of my nameservers from outside the open_basedir.  I do however get a open_basedir warning for trying to open outside files using fopen/fread and also readdir, but not with include(), include_once(), or readfile().

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-08-26 22:26 UTC] matt at haught dot com

This was fixed in cvs; main/streams.c 1.73 by wez.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 22:01:29 2024 UTC