Bug #30905 open_basedir don't work
Submitted: 2004-11-26 13:02 UTC Modified: 2005-01-31 23:21 UTC
From: sat at lomejordeinternet dot net Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 4.3.9 OS: Linux Fedora 2
Private report: No CVE-ID: None


 [2004-11-26 13:02 UTC] sat at lomejordeinternet dot net

In these circumstances, with open_basedir in httpd.conf (<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xn3m/:/usr/lib/php:/usr/local/lib/php:/tmp"

If a certain local exploit such as the attached file is executed, the user can read any dir with group other read permission.

Reproduce code:
(The bug no longer works on this machine because I added disable_functions   = passthru,exec,shell_exec,proc_open to php.ini)

Expected result:
Use the cat command to see any file with passwords (config.php of several scripts, ...)
Use ls to see the filesystem structure...


 [2004-11-26 13:12 UTC]
This is not a bug, PHP can not stop other programs from going into directories protected by open_basedir. 
 [2004-11-26 21:51 UTC] sat at lomejordeinternet dot net
Well. Not a bug?

If php_admin_value open_basedir restricts use to /XXX /yyy /zzzz, but a user with a script in /XXX can, for example, read /etc or /WWW/XXX/ (this dir is not in open_basedir)

What is this?
 [2004-11-27 14:20 UTC] sat at lomejordeinternet dot net
"Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. "

Is it possible to run a system command in /bin when this dir is not in open_basedir?
 [2004-11-27 14:22 UTC] sat at lomejordeinternet dot net
Or run ls to read the list of a dir outside the directory protected by open_basedir?
 [2004-11-27 15:01 UTC]
Yes, as I said PHP can not protect against this as it happens outside the PHP program.
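
A configuration check for the gap discussed in this thread, as an added example that is not part of the original report or of PHP itself: it flags a setup where open_basedir is set but functions that start external programs are still callable. The function names `audit`, `ini_value` and `apache_admin_value` are hypothetical, the sample configuration is constructed from the settings quoted in the report, and the function list goes beyond the reporter's four by adding `system` and `popen`.

```python
import re

# Functions that start external programs. The first four are the ones the
# reporter disabled; system and popen are added here as further real PHP
# functions of the same kind (assumption: the list is not exhaustive).
EXEC_FUNCS = ("passthru", "exec", "shell_exec", "proc_open", "system", "popen")

def ini_value(text, key):
    """Return the last uncommented `key = value` in php.ini text, or None."""
    value = None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ; comments
        m = re.match(rf"{re.escape(key)}\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
    return value

def apache_admin_value(text, key):
    """Return the last `php_admin_value key value` in httpd.conf text, or None."""
    value = None
    for line in text.splitlines():
        m = re.match(rf"\s*php_admin_value\s+{re.escape(key)}\s+(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
    return value

def audit(php_ini, httpd_conf):
    """List exec-type functions still callable while open_basedir is set."""
    basedir = (apache_admin_value(httpd_conf, "open_basedir")
               or ini_value(php_ini, "open_basedir"))
    # disable_functions is read from php.ini only, where PHP requires it to be set.
    raw = ini_value(php_ini, "disable_functions") or ""
    disabled = {f.strip().lower() for f in raw.split(",")}
    remaining = [f for f in EXEC_FUNCS if f not in disabled]
    return {"open_basedir": basedir, "still_callable": remaining,
            "bypassable": bool(basedir) and bool(remaining)}

# Constructed sample input based on the settings quoted in the report.
HTTPD_CONF = '''<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xn3m/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>'''
PHP_INI_BEFORE = "; disable_functions not set\ndisable_functions =\n"
PHP_INI_AFTER = "disable_functions   = passthru,exec,shell_exec,proc_open\n"

if __name__ == "__main__":
    print(audit(PHP_INI_BEFORE, HTTPD_CONF))
    print(audit(PHP_INI_AFTER, HTTPD_CONF))
```

With the reporter's later php.ini line the check still lists `system` and `popen` as callable, so the result stays `bypassable` until those are disabled as well.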
Last updated: Sun Jul 05 07:01:26 2020 UTC