Bug #20689 php_admin_value disable_functions not working as it should
Submitted: 2002-11-27 20:09 UTC Modified: 2003-04-30 11:50 UTC
Votes:24
Avg. Score:4.8 ± 0.5
Reproduced:19 of 19 (100.0%)
Same Version:7 (36.8%)
Same OS:13 (68.4%)
From: webmaster at walia dot com Assigned:
Status: Wont fix Package: *Configuration Issues
PHP Version: 4.2.3 OS: w2k and linux both
Private report: No CVE-ID: None

 [2002-11-27 20:09 UTC] webmaster at walia dot com
OK, here it goes, I will come to the point.

php_admin_value disable_functions function_string does not work on a per-domain basis. I know that is what the documentation says also, but I think it should be allowed to work on a per-domain basis by allowing it to be used in the conf file in the virtual domains.

The funny part is that even if you do put this in the virtual domain, for example php_admin_value disable_functions phpinfo, which means that phpinfo is not allowed to run on that domain, phpinfo not only runs, but it shows the local setting that phpinfo is actually disabled, whereas it is not.

If this were allowed to be in the conf files, running PHP would be a lot more secure and there would be a lot less headache for the admin.
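The report above points out the trap a practitioner wants a check for: phpinfo() and ini_get() report disable_functions as set when the directive came from php_admin_value in httpd.conf, yet the listed functions keep working. The following script is an added example (not part of the bug report or of PHP itself) that compares what ini_get() claims against what function_exists() sees; when disable_functions is really in force, function_exists() returns false for each disabled name, so any name that is listed but still exists means the directive was not applied. The php.ini line in the comment is an assumed sample configuration.

```php
<?php
// Added example, not code from the bug report: verify that disable_functions
// is actually in force instead of trusting what phpinfo()/ini_get() display.
// Assumed php.ini (not httpd.conf) line, for illustration:
//   disable_functions = phpinfo,system,exec,shell_exec,passthru
// When the same list is set via php_admin_value in httpd.conf, ini_get()
// still shows it but the functions keep working; this script reports that.

function parse_disable_functions(string $raw): array
{
    // The directive is a comma-separated list; surrounding whitespace is tolerated.
    $names = array_map('trim', explode(',', $raw));
    return array_values(array_filter($names, function ($n) {
        return $n !== '';
    }));
}

function check_disabled_functions(array $names): array
{
    // function_exists() returns false for a function that disable_functions
    // removed, so a listed function that still exists was not really disabled.
    $result = ['effective' => [], 'still_callable' => []];
    foreach ($names as $name) {
        if (function_exists($name)) {
            $result['still_callable'][] = $name;
        } else {
            $result['effective'][] = $name;
        }
    }
    return $result;
}

$raw    = (string) ini_get('disable_functions');
$names  = parse_disable_functions($raw);
$report = check_disabled_functions($names);

printf("disable_functions as reported by ini_get(): %s\n", $raw === '' ? '(empty)' : $raw);
foreach ($report['effective'] as $name) {
    printf("OK       %s is disabled\n", $name);
}
foreach ($report['still_callable'] as $name) {
    printf("WARNING  %s is listed but still callable; the directive was not applied (is it set in php.ini?)\n", $name);
}
// Non-zero exit so the check can fail a deployment or cron job.
exit(count($report['still_callable']) === 0 ? 0 : 1);
```

Run it under the same SAPI the virtual host uses (through the web server, not only the CLI, since each SAPI can load a different php.ini); a WARNING line is the symptom the report describes, and the fix is to move the directive into php.ini for that PHP instance.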


History

 [2002-11-27 20:22 UTC] rasmus@php.net
For technical reasons this cannot be done.  Well, it could, but the performance penalty would be huge.
 [2002-11-27 20:55 UTC] akaylaa at yahoo dot com
Even if the performance penalty is huge, it would still be really nice to have that for security reasons.

What if you are doing web hosting on Windows and want to stop people from running system commands? The user can run a system command in his own folder, of course, but then he can also run a batch file that actually accesses files above his own folder even if safe mode is on and base dir is set.

The problem will be the running of the batch file. Legally the user only used a PHP system command in his own folder, but the batch file can now go ahead and delete files anywhere on the server.

So I personally consider this to be a bug, and a very serious one from the point of view of web hosting for the public.
 [2002-11-27 21:17 UTC] rasmus@php.net
So run a separate restricted instance of Apache/PHP for virtualhosts you want to restrict and a non-restricted one for the others.
 [2002-11-27 21:56 UTC] webmaster at walia dot com
Can't run a separate instance of Apache on w2k when it is running as a service, can I? And how to run a separate instance of PHP?

Can you explain this a bit more in detail?
 [2002-11-27 22:01 UTC] rasmus@php.net
You can run multiple services.  So simply run 2 Apaches on different ports.  Stick a reverse proxy out in front to redirect the requests appropriately and so all requests will be coming in on port 80 from outside.  But, this is not the appropriate place to teach you how to design a hosting solution.  Do a bit of research on your own.
 [2003-04-30 11:33 UTC] bugs dot php at jensthebrain dot de
Could you please change the documentation to reflect this behaviour?
 [2003-04-30 11:50 UTC] philip@php.net
The fact that disable_functions must be set in php.ini (and not httpd.conf) is indeed documented under disable_functions, see:

http://www.php.net/manual/en/features.safe-mode.php

There is also an open documentation bug to document every directive that follows this behavior but nobody has answered this call.  Here's that report:

http://bugs.php.net/bug.php?id=11598


 [2003-04-30 11:56 UTC] csamsel at gmxpro dot de
If the performance penalty is huge, make php_admin_value disable_functions possible through a configure option. That would be nice. If not, running PHP on a server hosting free and paid webspace is almost not possible. Running two Apaches probably makes the machine slower than implementing this feature would.
 [2003-04-30 16:16 UTC] ch at heesch-it dot de
Please consider implementing the possibility of using disable_functions in a per-directory or per-virtualhost environment!
As my predecessors already said, the security advantage is much more interesting than a slight performance loss.
It's no use having great performance on a machine which was damaged by some user (might it be intended or not).

What do you think about this solution:
Allowing different php.ini files in different virtual hosts?
If this was implemented, many admins would be relieved!
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Aug 18 23:01:26 2019 UTC