php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39073 safe_mode_include_dir not honored
Submitted: 2006-10-07 08:09 UTC Modified: 2006-10-08 00:12 UTC
From: jim at centerfuse dot net Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 5.1.6 OS: FreeBSD 4.11
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jim at centerfuse dot net
New email:
PHP Version: OS:

 

 [2006-10-07 08:09 UTC] jim at centerfuse dot net
Description:
------------
Just upgraded to php 5.1.6, and safe_mode_include_dir doesn't appear to be honored. I'm running with safe mode = On and one directory in the include_dir. Trying to include/fopen/etc any file from that directory results in a safemode UID restriction. phpinfo() shows that PHP is reading the correct configuration file and that it knows about safe_mode_include_dir. 

Reproduce code:
---------------
//in php.ini: safe_mode_include_dir = "/usr/local/share/FUSE")

$fp = fopen('/usr/local/share/FUSE/FUSE-main.php', 'r')



Expected result:
----------------
fopen should return file pointer

Actual result:
--------------
Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 1006 is not allowed to access /usr/local/share/FUSE/FUSE-main.php owned by uid 0 in /home/context/public_html/test.php on line 13

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-07 08:10 UTC] jim at centerfuse dot net
note, the trailing parentheses that appears in my reproduce code after the safe_mode_include_dir is *not* present in php.ini, it was a typo.
 [2006-10-07 09:19 UTC] jim at centerfuse dot net
get_cfg_var() and ini_get() both return the correct safe_mode_include_dir, but it seems to just be ignored. Just for good measure, I also tried using a different directory altogether, but got the same results.
 [2006-10-07 19:19 UTC] jim at centerfuse dot net
This bug does not seem to affect require_once(), require(), or include(), which are still able to access the file from a different UID (as long as safe_mode_include_dir is set as it should be). However, other file operations such as file_exists and fopen fail. In the example below, note that the include() succeeds because the output does say "this is the test file"

====
CODE
====
//
// safe_mode_include_dir is /home/php_include_test
// 
// the file /home/php_include_test/test 
// simply says "this is the test file<br />"

$test_file = '/home/php_include_test/test';

include($test_file);

if ( file_exists($test_file) ) {
        echo 'Test file exists.<br />';
}
else {
        echo 'Test file does not exist<br />';
}

if ( is_readable($test_file) ) {
        echo 'Test file is readable.<br />';
}
else {
        echo 'Test file not readable<br />';
}

if ( $fp = fopen($test_file, 'r') ) {
        echo 'Test file opened for read.<br />';
        fclose($fp);
}
else {
        echo 'Test file could not be opened for read<br />';
}

=======
OUTPUT
=======
this is the test file
Test file does not exist
Test file not readable

Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid is 1010 is not allowed to access /home/php_include_test/test owned by uid 0 in /home/www/jim/public_html/jimtest.php on line 21

Warning: fopen(/home/php_include_test/test) [function.fopen]: failed to open stream: Inappropriate ioctl for device in /home/www/jim/public_html/jimtest.php on line 21
Test file could not be opened for read
 [2006-10-07 20:31 UTC] tony2001@php.net
The ini directive is called safe_mode_*INCLUDE*_dir.
Please read what it's used for: http://www.php.net/manual/en/features.safe-mode.php
 [2006-10-08 00:12 UTC] jim at centerfuse dot net
file_exists() had previously worked for me in safe mode, most likely because I was using PHP 5.1.4, which was subject to bug #37987 (invalid return of file_exists() in safe mode). My apologies for the bogus bug, but you can understand my confusion.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Feb 17 10:01:25 2019 UTC