PHP :: Bug #38566 :: SAFE MODE Restriction in effect without calling any php-file

Bug #38566

SAFE MODE Restriction in effect without calling any php-file

Submitted:

2006-08-23 14:39 UTC

Modified:

2006-11-08 21:58 UTC

Votes:	6
Avg. Score:	4.5 ± 0.8
Reproduced:	4 of 5 (80.0%)
Same Version:	4 (100.0%)
Same OS:	2 (50.0%)

From:

noc at smartterra dot de

Assigned:

Status:

Not a bug

Package:

Apache2 related

PHP Version:

4.4.4

OS:

FreeBSD 5.3/6.0/6.1

Private report:

CVE-ID:

None

View Developer Edit

[2006-08-23 14:39 UTC] noc at smartterra dot de

Description:
------------
I have a php-enabled vhost in the apache2 configuration file. In the document root there are only html-files. So no php parsed file is called when the domain is viewed in a browser. But sometimes I get a warning notice about safe mode restrictions:

Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 80/80 is not allowed to access /usr/home/zak owned by uid/gid 1094/1095 in Unknown on line 0

In the error.log I can see the additional informationen that the referer is sometimes the index.html or the css-file included in the index.html.

I'm running PHP4.4.4 with Apache 2.0.59 on FreeBSD 5.3. If you need any furhter information don't hesitate to contact me.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-08-23 14:41 UTC] noc at smartterra dot de

Sometime the error messages differs in some details (id/gid):

Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 0/0 is not allowed to access /usr/home/zak owned by uid/gid 1094/1095 in Unknown on line 0

[2006-08-23 14:46 UTC] tony2001@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

[2006-08-23 14:48 UTC] noc at smartterra dot de

I get this error message sometimes also with php-parsed files in another vhost on the same server

[2006-08-23 14:51 UTC] noc at smartterra dot de

When I restart apache everything works fine.. but for a few minutes only.

[2006-08-23 14:53 UTC] noc at smartterra dot de

Sorry, I posted some new comments without reading your comment. I'll will post my problem in a php related newsgroup. Thank you for your help.

[2006-08-24 08:22 UTC] noc at smartterra dot de

I don't think this is a configuration problem. This behavior appears after updating to the newest apache und php-version without changing any kind of configuration. I will downgrade PHP to a working version to verify this.

[2006-08-24 08:35 UTC] noc at smartterra dot de

Funny thing:

phpinfo() says:

safe_mode	Off	On

But I get

Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 80/80 is not allowed to access /usr/home/phpissue owned by uid/gid 0/0 in Unknown on line 0

Are you sure this isn't a php-bug?

[2006-08-24 08:38 UTC] noc at smartterra dot de

I really think this is a php-related bug, so I will change the ticket status back to "open".

[2006-08-24 08:45 UTC] tony2001@php.net

Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

[2006-08-24 09:07 UTC] noc at smartterra dot de

I hope the following information provides enough details:

I updated a FreeBSD 5.3 system to the newest apache and php-version (2.0.59 and 4.4.4), running mod_php4 configured in the httpd.conf:

LoadModule php4_module        libexec/apache2/libphp4.so
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

To reproduce this bug I configured a single virtual host within the apache configuration with the following php related options:

  php_admin_flag engine on
  php_admin_value open_basedir /usr/home/phpissue/
  php_admin_value upload_tmp_dir /usr/home/phpissue/temp
  php_admin_value doc_root /usr/home/phpissue/
  php_admin_value user_dir /usr/home/phpissue/
  php_admin_value session.save_path /usr/home/phpissue/temp
  php_admin_flag safe_mode On
  php_admin_value safe_mode_exec_dir /usr/home/phpissue/


I would like to mention that the configuration works with an older version of apache und php (sorry, I don't know which version as I didn't wrote them down) without any modifcation.

In the DocumentRoot of the vhost I created a simple index.html file which only contains one word. So I expected to view this word (PHPISSUE) in my browser when I point the browser to this site.

But instead I get this message:

Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 80/80 is not allowed to access /usr/home/phpissue owned by uid/gid 0/0 in Unknown on line 0
PHPISSUE 

When I restart apache everything works fine and I only get:

PHPISSUE

But after a few minutes the same error message appears again. For testing purposes I deactivated the safe-mode for this vhost in the apache configuration:

  php_admin_flag safe_mode Off
  
I still get the error message mentioned above.

The apache error.log for this vhost says:

[Thu Aug 24 10:59:01 2006] [error] [client 10.0.0.32] PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid/gid is 80/80 is not 
allowed to access /usr/home/phpissue owned by uid/gid 0/0 in Unknown on line 0

When I deactivate php for this vhost completly (php_admin_flag engine off) I will get the expected printout without any error message.

With PHP I'm running the following extensions:

extension=pdf.so
extension=tokenizer.so
extension=xml.so
extension=gd.so
extension=mcrypt.so
extension=bcmath.so
extension=imap.so
extension=sysvshm.so
extension=session.so
extension=mysql.so
extension=zlib.so
extension=domxml.so
extension=ftp.so
extension=posix.so
extension=sysvmsg.so
extension=mbstring.so
extension=pcre.so
extension=calendar.so
extension=overload.so
extension=snmp.so
extension=sockets.so
extension=sysvsem.so
extension=bz2.so
extension=ctype.so

I already removed eAccelerator and ZendOptimizer because I assumed one of these as the causer of this bug. But I was wrong.

When it helps I can provide the complete output of phpinfo().

Thank you,

Falk

[2006-08-24 09:16 UTC] tony2001@php.net

>When it helps I can provide the complete output of phpinfo().
Put it somewhere in the net and paste the link here.

[2006-08-24 09:24 UTC] noc at smartterra dot de

I saved a copy here: http://smartterra.de/phpissue.html

[2006-09-05 10:21 UTC] info at nrg-systems dot de

We have the same PHP warning messages in our log files since we've upgraded from 4.3.11 to 4.4.2 (also with 4.4.3 and 4.4.4). It looks like as every file access (including static HTML pages and even images) from the Apache server results in this PHP message. But the files are delivered to the clients browser.

Especially the part "in Unknown on line 0" is an evidence that the PHP check is called even for non-PHP scripts.

[2006-09-05 20:17 UTC] noc at smartterra dot de

I set up a completly new system with FreeBSd 6.1, Apache 2.0.59 and PHP4.4.4 - it works for me without any problems.

[2006-09-06 09:12 UTC] noc at smartterra dot de

Hm,

sometimes this bug is still present with my new setup:

PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid/gid is 0/0 is not al
lowed to access /usr/home/phpissue owned by uid/gid 1025/1025 in Unknown on line 0

"Don't halloo till you're out of the wood!" :-(

[2006-09-06 09:17 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2006-09-07 21:33 UTC] tb at tbits dot net

I've the same problem since 4.3.11 !
If also tried the SNAPSHOT php4-STABLE-200609072030 without any success. Why checks php normal html files ?

The only one solution at the moment is to downgrade to 4.3.11 with many security problems. :-(.

Thomas

[2006-09-14 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2006-09-16 23:00 UTC] noc at smartterra dot de

First I tried the actual STABLE-Version, which seems to have the same buggy behavior. Then i downgraded to PHP 4.3.11 and everything works fine for me. If I can help you to fix this bug, let me know. But till then I have to use this old und insecure version :-/

[2006-09-16 23:04 UTC] noc at smartterra dot de

Added some more OS-Version I tried.

[2006-10-18 21:08 UTC] tony2001@php.net

See bug #38670 and bug #38577.
Please use bug #38760 for further comments.

[2006-11-01 08:32 UTC] noc at smartterra dot de

Taken from Bug #38760:

"Sorry, but your problem does not imply a bug in PHP itself."

Switching from PHP4.4.4 back to PHP4.3.11 with exactly the same configuration-syntax, exactly the same snipets of code, exactly the same configuration of the whole system will "fix" the bug. So can you please tell me why this doesn't imply a bug in PHP itself?

[2006-11-08 21:45 UTC] tony2001@php.net

See bug #38670 for further details.

[2006-11-08 21:58 UTC] noc at smartterra dot de

Oh, I think there is a typo:

"Please use bug #38760 for further comments."

Juggling with the digits results in the right bug number:

See bug #38670 for further details.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 11:01:30 2024 UTC