php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #36532 session.save_path and safe_mode
Submitted: 2006-02-26 03:11 UTC Modified: 2006-03-07 01:00 UTC
Votes:4
Avg. Score:4.0 ± 1.2
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:2 (50.0%)
From: amicka at gmail dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.4.2 OS: FreeBSD 4.11
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2006-02-26 03:11 UTC] amicka at gmail dot com 
Description:
------------
We are using mod_php and providing per-site configuration directives in httpd.conf

I am testing with a phpinfo() file, owned by uid/gid 1000/1000

When safe_mode is enabled, we receive the following error:

PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid/gid is 0/0 is not allowed to access /www/example.com/tmp owned by uid/gid 1000/1000 in Unknown on line 0

PHP Warning:  Unknown(): open(/tmp/sess_659835e0c801f8cfcf46c1740c026d08, O_RDWR) failed: Permission denied (13) in Unknown on line 0

PHP Warning:  Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0


*  Because my info.php file is owned by uid=1000, the "script whose uid/gid is 0/0" error SHOULD NOT APPEAR.  It is erroneously using 0/0 for its checks

*  Because /www/example.com/tmp is in my safe_mode_include_dir path, the above error shouldn't apply anyway

*  Because my session.save_path is /www/example.com/tmp , it SHOUD NOT be attempting to write to /tmp

My current workaround is to chown /www/example.com/tmp to 0:0, which is preferable in my environment.  But this still indicates a bug.

php.ini is similar to the ini-recommended file, plus safe_mode = On

Per-site overrides:

<VirtualHost *:80>
  ServerName www.example.com
  DocumentRoot /www/example.com/www
  SetEnv PHP_DOCUMENT_ROOT /www/example.com/www
  SetEnv PHPRC /www/example.com/conf
  php_admin_value doc_root /www/example.com/www
</VirtualHost>

<Directory /www/virtual/example.com/>
  php_admin_value session.save_path "/www/example.com/tmp/"
  php_admin_value upload_tmp_dir "/www/example.com/tmp/"
  php_admin_value safe_mode_include_dir "/www/lib/:/www/sharedlib/:/www/example.com/tmp/:/dev/null:/usr/local/lib/php/"
  php_admin_value open_basedir /www/lib/:/www/example.com/
</Directory>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-27 08:54 UTC] tony2001@php.net 
What Server API are you using?
 [2006-02-27 09:43 UTC] amicka at gmail dot com 
Apache 2.0  (2.0.55)
 [2006-02-27 09:54 UTC] tony2001@php.net 
Can you try it with Apache 1.3.x ?
And I'd appreciate if you try to reproduce it with PHP 5.1 either.
 [2006-03-07 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-06-01 09:19 UTC] lars at erhardsen dot dk 
I'm experiencing the same with 4.4.2 on linux 2.4.27 - and these random errors started when I upgraded from 4.3.11 (not entirely sure about the version)
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Sat Sep 23 11:01:26 2023 UTC