php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27321 open_basedir setting leaking between vhosts
Submitted: 2004-02-19 13:57 UTC Modified: 2004-03-03 08:39 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: jg at execulink dot com Assigned:
Status: Closed Package: Apache related
PHP Version: 4.3.5RC3 OS: Redhat Linux 7.3
Private report: No CVE-ID: None
 [2004-02-19 13:57 UTC] jg at execulink dot com
Description:
------------
INI Settings, specificially open_basedir seems to be leaking between apache virtualhost settings.  Bug seems to be very similar to #25753, but was not resolved for me in 4.3.5RC3.

e.g., One user - pookie's php fails with the following error:  (pdipietro is another user on the system, in another virtualhost).

I would really appreciate either a workaround, patch, or fix!

phpinfo(); PHP Version 4.3.5RC3

Warning: Unknown(): open_basedir restriction in effect.
File(/usr/ppp/p/pookie/public_html/index.php) is not within the allowed
path(s): (/usr/ppp/p/pdipietro) in Unknown on line 0

Warning: Unknown(/usr/ppp/p/pookie/public_html/index.php): failed to
open stream: Operation not permitted in Unknown on line 0

Warning: (null)(): Failed opening
'/usr/ppp/p/pookie/public_html/index.php' for inclusion
(include_path='.:/usr/share/pear') in Unknown on line 0


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-20 08:06 UTC] jg at execulink dot com
I'm using  Apache/1.3.27 (Unix)  (Red-Hat/Linux)

I've already tried running this snapshot:
php4-STABLE-200402191630 with no luck.
 [2004-02-24 17:12 UTC] sniper@php.net
This is some configuration failure on user's side:

File(/usr/ppp/p/pookie/public_html/index.php) is not within the allowed path(s): (/usr/ppp/p/pdipietro) in Unknown on line 0

(this is perfectly valid and expected error when you try to access file outside the open_basedir..)

 [2004-02-25 08:08 UTC] jg at execulink dot com
Actually this is not a configuration problem, since the open_basedir it's complaining about is NOT the one I have configured for that vhost.
 [2004-02-27 14:19 UTC] ibaldo at esquemas dot com
With Fedora Core 1, php-4.3.4-1.1 and httpd-2.0.48-1.2 we are experiencing the exact same problem with open_basedir.
Settings of open_basedir are being reflected in other vhosts that doesn't specify an open_basedir!
To reproduce the problem we accesed continuosly to a vhost that has the open_basedir set, and simultaneusly we accesed continuosly a vhost without the open_basedir, and the open_basedir of the first was sometimes applied to the second vhost mentioned, trying diferent vhosts which had the basedir and others that don't, we seen that the first was applied to the second in accordance to the hosts being tested at that particular time!
This is not a configuration problem as someone mentions but clearly a nasty bug.
If someone gets an specific patch for this that could be tested in a production environment then please contact us.
Thank you guys!
 [2004-03-03 08:28 UTC] jg at execulink dot com
I dumped the RH7.3 / Apache 1.3.27 box, and installed RHEL 3, Apache 2.0.46, with php 4.3.2, and I'm not having this problem anymore.
 [2004-03-03 08:39 UTC] derick@php.net
Considered fixed, please reopen when the bug re-occurs.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Jun 25 21:05:44 2022 UTC