php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #29840 [PATCH] is_executable() does not honor safe_mode_exec_dir setting
Submitted: 2004-08-25 18:06 UTC Modified: 2008-02-15 08:31 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:3 (100.0%)
From: markus at cultcom dot de Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 5CVS, 4CVS (2005-01-04) OS: *
Private report: No CVE-ID:
 [2004-08-25 18:06 UTC] markus at cultcom dot de
Description:
------------
Seems to be a common problem nobody complains about...
"is_executable()" does not work in safe_mode!

Some PHP-Projects check for sendmail using this function and don't work in safe_mode even if sendmail acutally IS executable (i.e. PEAR: Mail.php).

is_executable() should at least honor the safe_mode_exec_dir directive!

Reproduce code:
---------------
<?php
if( is_executable( "/usr/sbin/sendmail" ) ) {
   print ("no probs!\n");
}
else {
   print ("this really sucks!\n");
}
?>

Try with PHP/CGI and suexec + safe_mode
where example-UID != sendmail-UID


Expected result:
----------------
true, what else?

Actual result:
--------------
false.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-08-12 01:00 UTC] tony2001@php.net
Please try this patch:
http://tony2001.phpclub.net/dev/tmp/bugs_29840_31618.diff
(with the latest snapshot/CVS).
 [2005-12-05 11:17 UTC] tomsommer@php.net
Any news on this?

Would appreciate this patch in PHP4 and PHP5
 [2005-12-19 18:17 UTC] sniper@php.net
tony2001: 2 words for you: Just commit! :)
 [2006-12-09 16:01 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 08:02:33 2014 UTC