php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26220 dba_open read arbitrary files
Submitted: 2003-11-12 09:57 UTC Modified: 2003-11-12 17:58 UTC
From: evgeny at 100mb dot ru Assigned: helly (profile)
Status: Not a bug Package: DBM/DBA related
PHP Version: 4.3.4 OS: FreeBSD 4.7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
13 + 42 = ?
Subscribe to this entry?

 
 [2003-11-12 09:57 UTC] evgeny at 100mb dot ru
Description:
------------
dba_open() creates *.db file with fragments of system files or source php scripts


Reproduce code:
---------------
<?php
$db=dba_open("/var/tmp/test.db","n", "gdbm");
?>




Expected result:
----------------
Create test.db only

Actual result:
--------------
#cat /var/tmp/test.db

...
127.0.0.1               localhost localhost.my.domain
#
# Imaginary network.
#10.0.0.2               myname.my.domain myname
#10.0.0.3               myfriend.my.domain myfriend
...
(pert of my /etc/hosts here! :( and part of my /etc/services file below :-()
....
hylafax         4559/tcp   #HylaFAX client-server protocol
rfa             4672/tcp   #remote file access server
rfa             4672/udp   #remote file access server
commplex-main   5000/tcp
commplex-main   5000/udp
.....


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-12 17:58 UTC] helly@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

Don't use gdbm then.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 10:01:26 2024 UTC