php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27603 incorrect appying open_basedir
Submitted: 2004-03-15 07:37 UTC Modified: 2005-01-31 22:45 UTC
Votes:10
Avg. Score:4.8 ± 0.6
Reproduced:9 of 9 (100.0%)
Same Version:3 (33.3%)
Same OS:3 (33.3%)
From: pk at nodex dot ru Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 4CVS-2004-03-15 OS: Solaris 9
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: pk at nodex dot ru
New email:
PHP Version: OS:

 

 [2004-03-15 07:37 UTC] pk at nodex dot ru
Description:
------------
I have apache 1.3.27 with php 4.3.5RC3.

Trouble with incorrect applying of open_basedir on one apache child and some virtual hosts.

>[15-Mar-2004 15:09:20] PHP Warning:  main(): open_basedir restriction in effect. File(/usr/hosting/autod/html/price/includes/db_part/main.php) is not within the allowed path(s): (/usr/hosting/true) 
in /usr/hosting/autod/html/price/db_part.php on line 67
[15-Mar-2004 15:10:59] PHP Warning:  Unknown(): open_basedir restriction in effect. File(/usr/hosting/autod/html/apedia/law/2-4.php) is
 not within the allowed path(s): (/usr/hosting/johnpp) in Unknown on line 0
[15-Mar-2004 15:10:59] PHP Warning:  Unknown(/usr/hosting/autod/html/apedia/law/2-4.php): failed to open stream: Not owner in Unknown on line 0

[15-Mar-2004 15:10:59] PHP Warning:  (null)(): Failed opening '/usr/hosting/autod/html/apedia/law/2-4.php' for inclusion (include_path='/usr/hosting/nedug_unix/apteka/lib/php-lib:/usr/hosting/nedug_unix/apteka/include') in Unknown on line 0

That vhost have open_basedir - /usr/hosting/autod
And i have other vhosts with open_basedirs - /usr/hosting/%username%
I think open_basedir is inheriting after previons request to another vhost.

PHP 4.2.3 not have that bug.
I tryed to use all versions 4.3.0 - 4.3.5RC3, all of this versions have that bug



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-16 11:55 UTC] sniper@php.net
Are you sure you just haven't misconfigured something?
Some stray .htaccess file somewhere in there?

And we can not reproduce this without knowing how you
a) configured PHP (the ./configure line you used)
b) What you have in your httpd.conf / .htaccess files?

The ini leaking is really fixed in latest CVS and that bug definately exists in 4.2.3 too. 

Get fresh Apache sources (1.3.27 is way too old already, get  the latest which is 1.3.29) and recompile PHP. Make sure you  stop / start apache properly, restart does NOT work.




 [2004-03-18 02:45 UTC] pk at nodex dot ru
Hello!

PHP 4.2.3 is workeng fine with this configuration.

Configure:

CC="gcc" \
CXX="gcc" \
CFLAGS="-I/usr/local/sfio/include -mcpu=v9  -mtune=ultrasparc" \
CXXFLAGS="-I/usr/local/sfio/include -mcpu=v9  -mtune=ultrasparc " \
CPPFLAGS="-I/usr/local/sfio/include -mcpu=v9  -mtune=ultrasparc " \
LDFLAGS="-lstdc++ -lstdio -lsfio -liconv -L/usr/local/mnogosearch/lib -lmnogosearch -ludmsearch" \
EXTRA_LIBS="-lstdc++ -lstdio -lsfio -liconv -L/usr/local/mnogosearch/lib -lmnogosearch -ludmsearch" \
./configure \
--with-apache=/usr/home/export/compile/apache/apache \
--with-mod_charset \
--with-pgsql=/usr/local/pgsql \
--disable-debug \
--enable-calendar \
--enable-inline-otimization \
--with-zlib \
--with-gd=/usr/local \
--with-jpeg-dir=/usr/local/lib \
--with-png-dir=/usr/local/lib \
--with-xpm-dir=/usr/lib \
--with-freetype-dir=/usr/local \
--with-zlib-dir=/usr/lib \
--with-freetype-dir=/usr/local/freetype2 \
--enable-wddx \
--with-curl \
--with-expat \
--enable-trans-sid \
--with-iconv \
--enable-xslt \
--with-xslt-sablot \
--with-imap \
--with-imap-ssl \
--with-openssl=/usr/local/ssl \
--with-mnogosearch=/usr/local/mnogosearch \
--enable-dbase \
--with-mysql=/usr/local/mysql

I`m setting in httpd.conf for each vhost:

php_admin_flag safe_mode on
php_admin_flag track_vars on
php_admin_value doc_root
php_admin_value open_basedir
php_admin_value safe_mode_exec_dir
php_admin_value upload_tmp_dir
php_admin_value session.save_path
php_admin_value max_execution_time 60
php_admin_value upload_max_filesize 3145728

My system is Solaris 9\01 with lastest patches.
 [2004-04-04 09:46 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 20:01:28 2024 UTC