php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #19363 PHP safe mode security problem
Submitted: 2002-09-11 18:57 UTC Modified: 2002-11-13 01:00 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dados at impazz dot it Assigned:
Status: No Feedback Package: Filesystem function related
PHP Version: 4.2.2 OS: Linux 2.4.2-2smp
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dados at impazz dot it
New email:
PHP Version: OS:

 

 [2002-09-11 18:57 UTC] dados at impazz dot it 
Hello, using apache 1.3.26, I have safe mode on

I have a simple single-line script: safemode.php

<?print_r($fp = fopen('newsletter.html', 'r'));?>

safemode is owned by wbr:wbr and newsletter.html is owned
by root:root as you can see

-rw-r--r--    1 root     root        22161 Sep 12 00:17 newsletter.html
-rw-r--r--    1 wbr      wbr            43 Sep 12 01:24 safemode.php

safemode.php execution simply return 'Resource id #1' without errors related to safe mode, even if the owner of the files is not the same

If I change the owner of safemode.php
$ chown nobody:nobody safemode.php
and reload safemode.php I get the expected warning:

Warning: SAFE MODE Restriction in effect. The script whose uid is 99 is not allowed to access newsletter.html owned by uid 

If I change the user back to wbr:wbr --> No warning

Helpful info:

$ cat /etc/passwd |grep wbr
wbr:x:501:501::/www/wbr:/bin/bash

$ cat /usr/local/lib/php.ini |grep safe_mode |grep -v "^;"
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = "/usr/local/lib/php"
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
sql.safe_mode = Off

Hope can help
Thanks a lot

Edoardo Serra

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-09-11 19:52 UTC] dados at impazz dot it 
Upgraded to php 4.3.3 --> still having the same problem
 [2002-10-28 10:56 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip
 [2002-11-13 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 12:01:27 2024 UTC