Bug #39123 Default for "upload_tmp_dir" changed to "/tmp" (regression)
Submitted: 2006-10-11 01:44 UTC
Modified: 2007-01-19 18:08 UTC
From: phpbugs at thequod dot de
Assigned:
Status: Not a bug
Package: Safe Mode/open_basedir
PHP Version: 5CVS-2006-10-11 (CVS)
OS: Ubuntu Linux
Private report: No
CVE-ID:
 [2006-10-11 01:44 UTC] phpbugs at thequod dot de
Description:
------------
I have no upload_tmp_dir set, so it seems to use "/tmp".

I have added "/tmp/" to open_basedir (despite the fact 
that this was not necessary before - see 
http://bugs.php.net/38934).

Upload in PHP_5_2 fails with:
[11-Oct-2006 03:26:35] PHP Warning:  Unknown: open_basedir 
restriction in effect. File(/tmp) is not within the 
allowed path(s): 
(/web7/:/var/www/web7/:/tmp/:/var/www/usr/local/share/php/:/usr/local/share/php/) 
in Unknown on line 0
[11-Oct-2006 03:26:35] PHP Warning:  File upload error - 
unable to create a temporary file in Unknown on line 0

This is a regression to PHP_5_1, where it works like this!

Setting upload_tmp_dir=/tmp/ (with ending slash) fixes it 
also for PHP_5_2.

Reproduce code:
---------------
Any upload form, there are two in the other bug referred to above.

Expected result:
----------------
Upload works.

Actual result:
--------------
Upload does not work.

 [2006-10-11 23:31 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Standard process for validating open_basedir applies here.
 [2006-10-12 02:26 UTC] phpbugs at thequod dot de
I've changed the summary.
Long version:
Default for "upload_tmp_dir" has changed from "/tmp/" 
to "/tmp" and uploads now fail with open_basedir="/tmp/"!

This is a regression!

If I use "/tmp/" in open_basedir, I expect it to also 
handle accesses to the "/tmp" directory itself!

(all apart from the fact that it's ridiculous to manually have 
to add upload_tmp_dir to open_basedir for uploads to work)
 [2006-10-12 04:05 UTC] judas dot iscariote at gmail dot com
Ilia:

Can you reconsider this? This is a BC break, and I'm sure gazillions of webserver config files will break with this change.
 [2006-10-12 15:28 UTC] phpbugs at thequod dot de
While at it, please reconsider also 
http://bugs.php.net/38934 and at least document since when 
upload_tmp_dir is needed in open_basedir.
 [2006-10-13 02:21 UTC] iliaa@php.net
Make sure your upload_tmp_dir is set and then it'll work.
 [2006-10-13 11:27 UTC] phpbugs at thequod dot de
Yes, setting upload_tmp_dir explicitly does not cause the 
problem (anymore).

But still, because the default of upload_tmp_dir is empty, 
it should not bail out when detecting the upload_tmp_dir 
setting.

Manually setting upload_tmp_dir to "/tmp" (without 
trailing slash) allows uploading, but leaving it unset, 
errors out with:
"""
PHP Warning:  Unknown: open_basedir restriction in effect. 
File(/tmp) is not within the allowed path(s): (/X/:/tmp/) 
in Unknown on line 0
PHP Warning:  File upload error - unable to create a 
temporary file in Unknown on line 0
"""

To me it looks like the error gets triggered while 
determining the default upload_tmp_dir setting.

I consider setting "upload_tmp_dir" explicitly as a 
work-around currently, but it should not be necessary for 
upgrading to 5.2 IMHO.
 [2006-10-13 13:29 UTC] iliaa@php.net
The error is that the "default" path is validated against 
open_basedir to address earlier tempnam() vulnerability 
allowing open_basedir bypass. 

The solution is either to: set upload_tmp_dir (which is the 
case on most installs) or to make sure that the default tmp 
dir is inside the open_basedir.
 [2006-10-13 19:27 UTC] phpbugs at thequod dot de
And why is it so that:
 upload_tmp_dir=/tmp
 open_basedir=/tmp/
works, but
 open_basedir=/tmp/
does not?! (because of the trailing slash in the last 
example)

Additionally, I don't believe that upload_tmp_dir is set 
on most installs.
 [2007-01-19 18:08 UTC] phpbugs at thequod dot de
JFI: it seems to be the same with session.save_path.

Setting it explicitly to "/tmp/" helps here, too.
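
The trailing-slash behaviour discussed in this thread, as an added example that is not part of the original report and not PHP's own code. It assumes a simplified model in which each open_basedir entry is compared as a plain string prefix (PHP's real check also resolves symlinks and relative paths); the function names and the sample paths other than those quoted in the report are constructed for illustration.

```php
<?php
// Simplified model of prefix-style open_basedir matching (an assumption for
// illustration; the real check also canonicalises paths before comparing).

/** Return true if $path starts with one of the colon-separated entries. */
function within_open_basedir(string $path, string $openBasedir): bool
{
    foreach (explode(':', $openBasedir) as $entry) {
        if ($entry !== '' && strncmp($path, $entry, strlen($entry)) === 0) {
            return true;
        }
    }
    return false;
}

/** Classify a temp-dir setting against an open_basedir value. */
function audit_tmp_dir(string $tmpDir, string $openBasedir): string
{
    if (within_open_basedir($tmpDir, $openBasedir)) {
        return 'ok';
    }
    // "/tmp" vs "/tmp/": the directory named without its slash is shorter
    // than the entry, so the prefix comparison cannot succeed.
    if (within_open_basedir(rtrim($tmpDir, '/') . '/', $openBasedir)) {
        return 'rejected: name the directory with a trailing slash';
    }
    return 'rejected: outside open_basedir';
}

// Constructed inputs based on the values quoted in the report.
$openBasedir = '/web7/:/var/www/web7/:/tmp/';
foreach (['/tmp', '/tmp/', '/tmp/phpA1b2C3', '/var/tmp'] as $dir) {
    printf("%-16s %s\n", $dir, audit_tmp_dir($dir, $openBasedir));
}

// The opposite hazard: under prefix matching, an entry written without the
// trailing slash also covers sibling directories that share the prefix.
var_dump(within_open_basedir('/tmp-other/secret', '/tmp'));
```

Running the same audit over session.save_path and any other directory setting that falls back to a default catches the variant mentioned in the last comment.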