Bug #19354 utime (fopen) error in safe mode
Submitted: 2002-09-11 05:12 UTC Modified: 2002-10-08 02:05 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: tamas at mile dot hu Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 4.2.3, 4.3.0-dev OS: Linux Slackware 8
Private report: No CVE-ID: None
 [2002-09-11 05:12 UTC] tamas at mile dot hu
fopen("x.txt","r");
Gives a warning:
Warning: utime failed: Operation not permitted in test.php
This error wasn't in the 4.2.2
The owner of the x.txt and the test.php is the same (akcio)
(There is chmod 777 on the x.txt and on the directory)
The owner of the apache process is nobody (uid 99)
I made a patch into the safe_mode.c because with this the users can open the uploaded files next time.
With this patch, if I change the owner of the x.txt to nobody (uid 99) it will work fine.


...
               } else {
                        uid = sb.st_uid;
                        gid = sb.st_gid;
                        if (uid == php_getuid()) {
                                return 1;
                        } else {
/* Miletics Tamas -M.T.-*/
                                if (uid == 99) { return 1; }
                                if (PG(safe_mode_gid) && (gid == php_getgid()))$
                                return 1;
                                }
                        }
                }
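Review bot: the added `if (uid == 99) { return 1; }` in the file-owner branch compares against a literal uid, so the safe mode owner check now passes for every file owned by that account regardless of which user's script is asking, and it stops matching on any host where the server runs under a different uid. If server-owned files really must be accepted, make that an explicit, configurable decision instead of a constant, and keep it after the `uid == php_getuid()` comparison as it is here. The `safe_mode_gid` line below it also appears cut off at the `$`, so the brace structure of this region cannot be checked from what is shown.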

...



                       php_error(E_WARNING, "Unable to access %s", filename);
                        return 0;
                }
                duid = sb.st_uid;
                dgid = sb.st_gid;

/* Miletics Tamas -M.T.- */
                if (duid == 99) {return 1;};

                if (duid == php_getuid()) {
                        return 1;
                } else if (PG(safe_mode_gid) && dgid == php_getgid()) {
                        return 1;
                } else {
                        TSRMLS_FETCH();
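Review bot: in the directory branch, `if (duid == 99) {return 1;};` returns before the `duid == php_getuid()` and `safe_mode_gid` comparisons are reached, so any directory owned by uid 99 is accepted without those checks being consulted. If the exception stays at all, place it after the existing comparisons, derive the uid from the running server instead of the literal 99, and drop the stray `;` after the closing brace.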


 [2002-09-11 05:18 UTC] tamas at mile dot hu
I've checked the original safe_mode.c and the symptom is the same.
 [2002-09-11 08:56 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip
 [2002-09-12 17:15 UTC] tamas at mile dot hu
The error message changed but this version has this bug too:

Warning: touch() [function.touch]: Utime failed: Operation not permitted in x.php on line 117

Before the test I made chown 777 on the work file and the directory too again.
If I change the owner of the file to the owner of the running process the fopen won't give any error.
 [2002-09-12 22:09 UTC] sniper@php.net
Stupid question..but if the httpd owner doesn't have rights to write to that file..why should it work??
And I guess you meant 'chmod' instead of 'chown'...?

 [2002-09-13 04:41 UTC] tamas at mile dot hu
Dear Sniper, I think if you have rwxrwxrwx rights on a file and the directory you can read, write and modify it.
Basically, in safe_mode you can read and write files whose owner is the same as the owner of the PHP page.
In this case it means you can read and write files which are owned by the "akcio" user, who is the owner of x.php, and I have to give, for example, a chmod 777 because Apache is running as nobody.

So it's really a bug which wasn't in the previous versions (up to and including 4.1.2)

(Yes, I meant 'chmod' instead of 'chown', sorry the local time was about 2 a.m.)
 [2002-09-13 12:20 UTC] sniper@php.net
Updated version information.

 [2002-09-13 12:50 UTC] sesser@php.net
I am quite sure that this bug has nothing to do with SAFE_MODE. Could you please search for

newtime->modtime = newtime->actime = time(NULL);

in ext/standard/filestat.c (it must be within the
touch() function)
and then comment this line out and recompile...
It is very likely that this line causes your utime problem.

 [2002-09-16 15:40 UTC] tamas at mile dot hu
Warning: utime failed: Operation not permitted in /home/www.akcio7.hu/botmenu.php on line 117

It hasn't changed the problem in the 4.2.3; the message is the same: "Warning: utime failed: Operation not permitted in x.php on line 6"

In one thing you are right: I switched off the safe_mode for a minute and the error is the same.
 [2002-09-16 15:53 UTC] tamas at mile dot hu
After a little localization I've found the message is coming from this section:

        ret = VCWD_UTIME(Z_STRVAL_PP(filename), newtime);
        if (ret == -1) {
                php_error(E_WARNING, "utime failed (debug 1): %s", strerror(errno));
                RETURN_FALSE;
        }
        RETURN_TRUE;

So the bug is in the VCWD_UTIME(Z_STRVAL_PP(filename), newtime); function.
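An added example (not part of this thread or of PHP's source) of the POSIX rule that fits the symptoms reported above: utime() called with explicit timestamps, which is what the `newtime->modtime = newtime->actime = time(NULL);` line sets up, is allowed only for the file's owner or root whatever the mode bits say, while utime() with a NULL times argument needs only write permission. The function names and the uid 1000 for the file owner are assumptions made for illustration; uid 99 is the Apache uid from the report.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>
#include <utime.h>

/* Model of the kernel check: returns 0 if allowed, else the errno utime() sets.
 * explicit_times is 1 when a filled-in struct utimbuf is passed, 0 for NULL. */
int utime_expected_errno(uid_t caller, uid_t owner, int can_write, int explicit_times)
{
    if (caller == 0 || caller == owner)
        return 0;                    /* root or owner: always allowed */
    if (explicit_times)
        return EPERM;                /* chosen timestamps: owner only, mode bits ignored */
    return can_write ? 0 : EACCES;   /* "set to now": write permission suffices */
}

/* Run the real syscall; returns 0 on success, else errno. */
int utime_actual_errno(const char *path, int explicit_times)
{
    struct utimbuf t;
    t.actime = t.modtime = time(NULL);
    return utime(path, explicit_times ? &t : NULL) == -1 ? errno : 0;
}

/* Check the model against the kernel on a scratch file we own (both call styles). */
int model_matches_syscall_on_own_file(void)
{
    char path[] = "/tmp/utime_demo_XXXXXX";
    int fd = mkstemp(path), ok = 1;
    if (fd == -1) return 0;
    close(fd);
    for (int ex = 0; ex <= 1; ex++)
        ok = ok && utime_expected_errno(geteuid(), geteuid(), 1, ex)
                   == utime_actual_errno(path, ex);
    unlink(path);
    return ok;
}

int main(void)
{
    /* Constructed case from the report: process uid 99, file owned by uid 1000 (assumed), mode 777. */
    printf("explicit times: %s\n", strerror(utime_expected_errno(99, 1000, 1, 1)));
    printf("NULL times:     %s\n", strerror(utime_expected_errno(99, 1000, 1, 0)));
    return 0;
}
```

For the reported setup the model gives EPERM ("Operation not permitted") for the explicit-times call and success for the NULL call, which is why chmod 777 did not help but changing the file's owner to the server's uid did.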
 [2002-10-07 21:55 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2002-10-08 02:04 UTC] tamas at mile dot hu
This developer version seems fine.

Thanks.
 [2002-10-08 02:05 UTC] tamas at mile dot hu
Thanks.
 