Bug #30905 open_basedir don't work
Submitted: 2004-11-26 13:02 UTC Modified: 2005-01-31 23:21 UTC
From: sat at lomejordeinternet dot net Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.3.9 OS: Linux Fedora 2
Private report: No CVE-ID: None
 [2004-11-26 13:02 UTC] sat at lomejordeinternet dot net

In these circumstances, with open_basedir in httpd.conf (<IfModule mod_php4.c>):
php_admin_value open_basedir "/home/xn3m/:/usr/lib/php:/usr/local/lib/php:/tmp"

If a certain local exploit such as the attached file is executed, a user can read any dir with group other read permission.

Reproduce code:
(The bug no longer works on this machine because disable_functions = passthru,exec,shell_exec,proc_open was added to php.ini)

Expected result:
Use the cat command to see any file with a password (config.php of several scripts, ...)
Use ls to see the filesystem structure...


 [2004-11-26 13:12 UTC]
This is not a bug, PHP can not stop other programs from going into directories protected by open_basedir. 
 [2004-11-26 21:51 UTC] sat at lomejordeinternet dot net
Well. Not a bug?

If php_admin_value open_basedir restricts use to /XXX /yyy /zzzz, but a user with a script in /XXX can, for example, read /etc or /WWW/XXX/ (this dir is not in open_basedir)

What is this?
 [2004-11-27 14:20 UTC] sat at lomejordeinternet dot net
"Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. "

Is it possible to run a system command in /bin when this dir is not in open_basedir?
 [2004-11-27 14:22 UTC] sat at lomejordeinternet dot net
Or run ls to read the listing of a dir outside the directories protected by open_basedir?
 [2004-11-27 15:01 UTC]
Yes, as I said PHP can not protect against this as it happens outside the PHP program.
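
An added example, not part of the original report or of PHP itself: a small Python check for the situation this thread describes, where open_basedir is configured but functions that launch external programs remain callable. The names `SPAWNERS`, `DIRECTIVE`, `audit` and `SAMPLE` are this example's own, the function list is an assumption that is not exhaustive, and the sample input is constructed from the two settings quoted in the report.

```python
import re

# PHP functions that launch an external program. Files that program opens are
# opened by the child process, so PHP's open_basedir check never sees them.
# Not exhaustive; pcntl_exec exists only when the pcntl extension is loaded.
SPAWNERS = {"exec", "passthru", "shell_exec", "system",
            "popen", "proc_open", "pcntl_exec"}

# Accepts php.ini form (name = value) and Apache form (php_admin_value name value).
DIRECTIVE = re.compile(
    r'^[ \t]*(?:php_(?:admin_)?value[ \t]+)?(open_basedir|disable_functions)'
    r'[ \t]*[= \t][ \t]*"?([^"\n]*?)"?[ \t]*$',
    re.IGNORECASE | re.MULTILINE)

def audit(config_text):
    """Report process-spawning functions left enabled beside open_basedir."""
    cfg = {m.group(1).lower(): m.group(2) for m in DIRECTIVE.finditer(config_text)}
    # ':' is the open_basedir separator on Unix (the OS in this report).
    basedir = [p for p in cfg.get("open_basedir", "").split(":") if p]
    disabled = {f.strip().lower()
                for f in cfg.get("disable_functions", "").split(",") if f.strip()}
    enabled = sorted(SPAWNERS - disabled)
    return {"open_basedir": basedir,
            "spawners_enabled": enabled,
            # True when a path restriction is configured but PHP code can
            # still hand work to a program that is not subject to it.
            "gap": bool(basedir and enabled)}

# Constructed sample: the two settings quoted in the report, as if the relevant
# httpd.conf and php.ini lines were concatenated into one text.
SAMPLE = '''\
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xn3m/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
disable_functions   = passthru,exec,shell_exec,proc_open
'''

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("open_basedir:", report["open_basedir"])
    print("still able to spawn programs:", report["spawners_enabled"])
    print("open_basedir can be sidestepped:", report["gap"])
```
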
Last updated: Sat Sep 21 15:01:27 2019 UTC