Bug #27133 tempnam broken in SAFE MODE
Submitted: 2004-02-03 10:01 UTC Modified: 2004-02-03 11:27 UTC
From: kulpp at wsg dot net Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 4.3.4 OS: Linux
Private report: No CVE-ID:
 [2004-02-03 10:01 UTC] kulpp at wsg dot net
Description:
------------
Back in 4.0.3, tempnam() was changed to actually create the temp file to avoid a race condition. It would seem that the current implementation is inconsistent with SAFE MODE restrictions which then prevent access to the filename returned by tempnam().



Reproduce code:
---------------
<%
$filename = tempnam('', 'test_');
fopen($filename, 'r');
%>

Expected result:
----------------
no errors or warnings

Actual result:
--------------
Warning: fopen(): SAFE MODE Restriction in effect. The script whose uid is 579 is not allowed to access /tmp/test_zSTbRQ owned by uid 18 in /usr/local/www/docs/test/tempnam_broken.php on line 5

Warning: fopen(/tmp/test_zSTbRQ): failed to open stream: Permission denied in /usr/local/www/docs/test/tempnam_broken.php on line 5

 [2004-02-03 10:12 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When creating a temporary filename, you should use the 1st 
parameter to the function to specify a directory which you 
will be able to access. 
 [2004-02-03 10:13 UTC] sniper@php.net
see: http://www.php.net/tempnam

And notice the first parameter you can give it..
This is intentional.


 [2004-02-03 10:59 UTC] kulpp at wsg dot net
I understand the documentation on the first parameter. I am intentionally relying on the rest of the documentation that states that it will use the system default temp space in this case.
PS: it exhibits the exact same behaviour with tempnam('\tmp', 'test_')

The temp file IS being created, but it's not owned with the correct UID. Doesn't this behaviour make the tempnam function useless under SAFE MODE?
 [2004-02-03 11:12 UTC] kulpp at wsg dot net
$filename = tempnam('\tmp', 'test_');
fopen($filename, 'r');

still produces
Warning: fopen(): SAFE MODE Restriction in effect. The script whose uid is 579 is not allowed to access /tmp/test_YNsKKT owned by uid 18 in ...
 [2004-02-03 11:27 UTC] sniper@php.net
Yes, don't use safe-mode or don't use tempnam.
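
The ownership comparison named in the warning above, as an added diagnostic that is not part of the original thread or of PHP's own code: it creates a temp file and reports the script owner's UID next to the UID that owns the file. The function name `describe_tempfile_ownership` is hypothetical, and the sketch assumes it is run with safe_mode disabled so that its own stat and unlink calls are not subject to the restriction.

```php
<?php
// Added example (not from the bug report). Hypothetical helper that shows
// the two UIDs the SAFE MODE warning compares: the owner of the script
// file and the owner of the file that tempnam() created.
function describe_tempfile_ownership($dir, $prefix)
{
    // tempnam() creates the file itself, so it is owned by the UID the
    // PHP process runs as, not by the owner of the script file.
    $path = tempnam($dir, $prefix);
    if ($path === false) {
        return null;
    }
    clearstatcache();

    $result = array(
        // tempnam() may fall back to the system temp directory when $dir
        // is missing or not writable, so report where the file landed.
        'path'             => $path,
        'dir'              => dirname($path),
        'script_owner_uid' => getmyuid(),   // owner of the running script
        'process_euid'     => function_exists('posix_geteuid') ? posix_geteuid() : null,
        'file_owner_uid'   => fileowner($path),
        'file_mode'        => sprintf('%04o', fileperms($path) & 07777),
    );

    // Per the warning text, access is refused when these two differ
    // (579 vs 18 in the report above).
    $result['uid_match'] = ($result['script_owner_uid'] === $result['file_owner_uid']);

    unlink($path);   // do not leave the temp file behind
    return $result;
}

// '/tmp' and 'test_' mirror the values used in the report.
print_r(describe_tempfile_ownership('/tmp', 'test_'));
```

When `uid_match` is false, the created file belongs to the server process rather than to the script owner, which is the condition the warning reports.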

 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 02:02:10 2014 UTC