PHP :: Bug #3454 :: Allows access to any directory on server

Bug #3454	Allows access to any directory on server
Submitted:	2000-02-11 07:38 UTC	Modified:	2005-03-31 16:13 UTC
From:	norikd at usa dot net	Assigned:
Status:	Wont fix	Package:	Other
PHP Version:	3.0.12	OS:	RedHat 5.1
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	norikd at usa dot net
New email:
PHP Version:		OS:

New Comment:

[2000-02-11 07:38 UTC] norikd at usa dot net

php3.ini as follows

safe_mode=1
safe_mode_exec_string=/www/sites/mysite/cgi-bin
doc_root=/www/sites/mysite
open_basedir=/www/sites/mysite
extension=pgsql.so  

test.php3
<?php

copy("/etc/passwd","passwd");  /* this works */
$fd=fopen("passwd","r");           /* so does this */
fclose($fd);                             /* and this */

$fd=fopen("/etc/passwd","r");  /* this does is not successful */
fclose($fd);                           /* as it should not be */

?>    

So the system will allow me to copy the passwd file to a local allowd directory and then open it which bypasses the fact that I have restricted the system with open_basedir directive.

thanks

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-03-31 16:13 UTC] php-bugs at lists dot php dot net

We are sorry, but we do not support PHP 3 related problems anymore.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 01:01:28 2024 UTC