php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #24521 chdir() ignores php_admin_value open_basedir
Submitted: 2003-07-07 05:42 UTC Modified: 2004-08-07 16:55 UTC
From: jjarven at softers dot net Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.3.2 OS: Linux 2.4.18
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jjarven at softers dot net
New email:
PHP Version: OS:

 

 [2003-07-07 05:42 UTC] jjarven at softers dot net 
Description:
------------
Apache 1.3.27
httpd.conf:
php_admin_value open_basedir /home/www/

- phpinfo() reports local value in effect to be /home/www/


Reproduce code:
---------------
chdir('/etc');
echo getcwd();


Expected result:
----------------
"open_basedir restriction in effect"


Actual result:
--------------
Will output: /etc

I tested opendir(), readdir() and readfile() and they behave correctly, thus are not able to read anything outside open_basedir.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-07 05:50 UTC] derick@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

open_basedir restricts opening files. If that is working then there is no bug here at all.
 [2003-07-07 05:53 UTC] sniper@php.net 
It might be nice to mention this in the docs too. :)
 [2003-07-07 06:26 UTC] jjarven at softers dot net 
Unless safe_mode is enabled, at least system-function is able to go where-ever wants to (well, within httpd's access rights).

I think it would be nice also to restrict system (exec, etc)-functions, without using safe_mode.
 [2003-07-07 06:30 UTC] theseer@php.net 
Due to the nature of a 'system call' this is technically not possible for php (or any other application).
You have to rely on system security here.
 [2004-08-07 16:55 UTC] vrana@php.net 
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

"The special value . indicates that the working directory of the script will be used as base-directory. This is however little dagerous as the working directory of the script can be easily changed by chdir()."
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 02 21:01:31 2024 UTC