Bug #23349 safe_mode file UID check not functional when directory owned by user
Submitted: 2003-04-25 14:06 UTC
Modified: 2005-01-31 23:35 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: gk at proliberty dot com
Assigned:
Status: Not a bug
Package: Safe Mode/open_basedir
PHP Version: 4.3.2RC1
OS: linux
Private report: No
CVE-ID: None
 [2003-04-25 14:06 UTC] gk at proliberty dot com
The output below illustrates this problem:
safe_mode UID check is not applied to a file not owned by the user if the user owns the directory in which it resides.

I have not tested to see if this problem is reproducible under other than SAPI/CLI.
My php.ini is 'php.ini-recommended'. open_basedir is not set.

[greg@p3 safe]$ php -v
PHP 4.3.2-RC (cli) (built: Mar 24 2003 12:27:32)

[greg@p3 safe]$ cat safe.junk
hi

[greg@p3 safe]$ ls -al
total 12
drwxr-xr-x    2 greg     greg         4096 Apr 25 11:48 .
drwxrwxr-x    9 greg     greg         4096 Apr 25 11:48 ..
-rw-r--r--    1 root     root            3 Apr 25 11:46 safe.junk
[greg@p3 safe]$ ls -al
[greg@p3 safe]$ whoami
greg
[greg@p3 safe]$ php -d safe_mode=1 -r 'readfile("safe.junk");'
hi
[greg@p3 safe]$ php -d safe_mode=1 -r 'readfile("/etc/passwd");'
PHP Warning:  readfile(): SAFE MODE Restriction in effect.  The script whose uid is 500 is not allowed to access /etc/passwd owned by uid 0 in Command line code on line 1
PHP Warning:  readfile(/etc/passwd): failed to open stream: No such file or directory in Command line code on line 1
[greg@p3 safe]$ cd ..
[greg@p3 junk]$ su
Password: 
[root@p3 junk]# chown root:root safe
[root@p3 junk]# exit
exit
[greg@p3 junk]$ cd safe
[greg@p3 safe]$ php -d safe_mode=1 -r 'readfile("safe.junk");'
PHP Warning:  readfile(): SAFE MODE Restriction in effect.  The script whose uid is 500 is not allowed to access safe.junk owned by uid 0 in Command line code on line 1
PHP Warning:  readfile(safe.junk): failed to open stream: No such file or directory in Command line code on line 1

 [2003-04-26 16:06 UTC] rasmus@php.net
That's by design.  If the user owns the directory it is assumed he is allowed to access files in it.  
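
The rule stated in the reply above, as an added example that is not part of the original report and is not PHP's source code: a simplified Python model of the check (file owner first, then the owner of the containing directory), run over ownership data constructed from the reporter's session. The function names and the ownership tables are assumptions made for illustration; uid 500 and uid 0 are the values shown in the warnings.

```python
import os

def safe_mode_allows(script_uid, path, owner_of):
    """Simplified model of the safe_mode UID check discussed in this report.

    owner_of(path) returns the owning uid; it is injected so the model can be
    run on constructed data without needing root to create foreign-owned files.
    """
    file_uid = owner_of(path)
    if file_uid == script_uid:
        return True, "file owner matches script uid"
    # Fallback described in the reply: owning the directory is treated as
    # permission to access the files inside it.
    parent = os.path.dirname(path) or "."
    if owner_of(parent) == script_uid:
        return True, "directory owner matches script uid"
    return False, "script uid %d may not access %s owned by uid %d" % (
        script_uid, path, file_uid)

def exposed_files(script_uid, files, owner_of):
    """Files the script does not own but can still read via the fallback."""
    return [f for f in files
            if owner_of(f) != script_uid
            and safe_mode_allows(script_uid, f, owner_of)[0]]

# Constructed ownership tables mirroring the session in the report.
GREG = 500  # uid of the script user, from the warning text
ROOT = 0
BEFORE_CHOWN = {          # directory "safe" still owned by greg
    "safe": GREG,
    "safe/safe.junk": ROOT,
    "/etc": ROOT,
    "/etc/passwd": ROOT,
}
AFTER_CHOWN = dict(BEFORE_CHOWN)
AFTER_CHOWN["safe"] = ROOT  # after `chown root:root safe`
FILES = ["safe/safe.junk", "/etc/passwd"]

if __name__ == "__main__":
    for label, table in (("before chown", BEFORE_CHOWN),
                         ("after chown", AFTER_CHOWN)):
        for f in FILES:
            ok, why = safe_mode_allows(GREG, f, table.__getitem__)
            print("%-12s %-15s %-5s %s" % (label, f, "ALLOW" if ok else "DENY", why))
        print(label, "exposed:", exposed_files(GREG, FILES, table.__getitem__))
```

On a shared host, `exposed_files` is the list worth reviewing: any file placed in a user-owned directory by another account is readable by that user's scripts under this rule.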