|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19363 PHP safe mode security problem
Submitted: 2002-09-11 18:57 UTC Modified: 2002-11-13 01:00 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dados at impazz dot it Assigned:
Status: No Feedback Package: Filesystem function related
PHP Version: 4.2.2 OS: Linux 2.4.2-2smp
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2002-09-11 18:57 UTC] dados at impazz dot it
Hello, using apache 1.3.26, I have safe mode on

I have a simple single-line script: safemode.php

<?print_r($fp = fopen('newsletter.html', 'r'));?>

safemode is owned by wbr:wbr and newsletter.html is owned
by root:root as you can see

-rw-r--r--    1 root     root        22161 Sep 12 00:17 newsletter.html
-rw-r--r--    1 wbr      wbr            43 Sep 12 01:24 safemode.php

safemode.php execution simply return 'Resource id #1' without errors related to safe mode, even if the owner of the files is not the same

If I change the owner of safemode.php
$ chown nobody:nobody safemode.php
and reload safemode.php I get the expected warning:

Warning: SAFE MODE Restriction in effect. The script whose uid is 99 is not allowed to access newsletter.html owned by uid 

If I change the user back to wbr:wbr --> No warning

Helpful info:

$ cat /etc/passwd |grep wbr

$ cat /usr/local/lib/php.ini |grep safe_mode |grep -v "^;"
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = "/usr/local/lib/php"
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
sql.safe_mode = Off

Hope can help
Thanks a lot

Edoardo Serra


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-09-11 19:52 UTC] dados at impazz dot it
Upgraded to php 4.3.3 --> still having the same problem
 [2002-10-28 10:56 UTC]
Please try using this CVS snapshot:
For Windows:

 [2002-11-13 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Jun 19 10:01:24 2021 UTC