|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22270 cgi binary parses itself when called directly
Submitted: 2003-02-18 07:29 UTC Modified: 2003-08-06 18:39 UTC
From: zlo at canada dot com Assigned: shane (profile)
Status: No Feedback Package: CGI/CLI related
PHP Version: 4CVS-2003-02-18 (stable) OS: RedHat 7.2
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-02-18 07:29 UTC] zlo at canada dot com
when PHP cgi binary is called from cgi-bin without cgi-redirect, it parses itself (argv[0] of the binary, whatever that happens to be)! i don't think it represents much of a security problem (it still does to some extent, because it reveals path to php and default settings), and no sane person will run the cgi binary without cgi-redirect, but i don't think its the way its supposed to be either..

here is a simple example; this also works with the php binary itself in place of this binary. 
this results in some binary output and the typical phpinfo() page in the middle:
# cat php.c

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

const char *PHP_BINARY="/path/to/php/bin/php";
const char * dummy="<?php phpinfo(); ?>";

int main(int argc, char *argv[]){
  return 1;

p.s. btw this simple wrapper (without the phpinfo() part, or course) can be used as a workaround for the vulnerability with cgi-redirect that resulted in the release of 4.3.1 since it removes parameters before exec'ing php itself..

p.p.s. where can i post "feedback"? i can't seem to find it..


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-19 01:09 UTC]
This has happened for some time, it's a big part of what prompted my starting on rewriting cgi stuff.  It shouldn't happen with 4.3 if cgi.fix_pathinfo=1, or if you don't compile with discard-path.
 [2003-02-19 10:06 UTC] zlo at canada dot com
here is my configure:
./configure' '--with-config-file-path=/path/to/php' '--prefix=/path/to/php-test' '--enable-force-cgi-redirect' '--disable-cli' '--enable-bcmath' '--enable-trans-sid' '--with-zlib-dir=/build/zlib-1.1.4' '--with-mysql=/usr/local' 

i also put cgi.fix_pathinfo in php.ini, doesn't help.
 [2003-05-26 18:26 UTC]
Does this happen with latest stable snapshot from ?

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jul 25 10:01:29 2024 UTC