PHP :: Bug #35301 :: open_basedir allows one file in dir but not others further in

Bug #35301	open_basedir allows one file in dir but not others further in
Submitted:	2005-11-20 08:46 UTC	Modified:	2005-11-20 17:41 UTC
From:	bgshea at gmail dot com	Assigned:
Status:	Not a bug	Package:	Safe Mode/open_basedir
PHP Version:	5.0.5	OS:	Linux 2.6
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	bgshea at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2005-11-20 08:46 UTC] bgshea at gmail dot com

Description:
------------
[Sun Nov 20 00:36:12 2005] [error] [client 68.35.85.123] PHP Warning:  readfile() [<a href='function.readfile'>function.readfile</a\
>]: open_basedir restriction in effect. File(/home/bgshea/g2data/cache/module/core/0/0/0.inc) is not within the allowed path(s): (/\
mnt/sdc1/pub/www/:/usr/local/php-5.0.5/lib/:/mnt/sdc1/home/:/mnt/sdc1/pub/webfiles/) in /mnt/sdc1/home/bgshea/webpage/fopen.php on \
line 12, referer: http://www.hackthebox.org/~bgshea/

NOTE: /home is a symlink to /mnt/sdc1/home

This is my first bug report, so if this does not post right, I'm sorry. BTW: I've spent 5 hours trying to fix this, looked at all bugs related to open_basedir and could not figure this out.

Reproduce code:
---------------
//Test a file open under /home/ works
$file=fopen("/home/bgshea/webpage/info.php", "r" );
fclose( $file );
//test a file read under /home/bgshea/g2data, works
readfile( "/home/bgshea/g2data/install.log" );
//This should work, but fails. Why? no symlinks here.
readfile("/home/bgshea/g2data/cache/module/core/0/0/0.inc");


open_basedir was set in httpd.conf to be /mnt/sdc1/pub/www/:/usr/local/php-5.0.5/lib/:/mnt/sdc1/home/:/mnt/sdc1/pub/webfiles/


Expected result:
----------------
/home/bgshea/g2data/cache/module/core/0/0/0.inc file should be opened

Actual result:
--------------
Error message reported in log file, php script is terminated

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-11-20 10:14 UTC] sniper@php.net

Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

[2005-11-20 17:41 UTC] bgshea at gmail dot com

Indeed, you are correct, the fact that 0.inc does not exist in the dir causes the failure, the bug seems to be in the documentation on how to use open_basedir.

I overlooked a previous bug report (Bug #30188).

For all that read these bugs, you need to check for file existance (file_exists(/path/to/file) ). 

Maybe the open_basedir should be called something else cause it is mis-leading if it also dis-allows on a file by file basis.

I'm gonna post this in the docs as well.

Thanks for the little bit help.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 27 00:01:30 2024 UTC