PHP :: Bug #39711 :: shell_exec() fails in HTTPS mode when safe

Bug #39711	shell_exec() fails in HTTPS mode when safe_mode = off (local)
Submitted:	2006-12-02 03:26 UTC	Modified:	2006-12-02 06:31 UTC
From:	joe at neosource dot com dot au	Assigned:
Status:	Not a bug	Package:	Safe Mode/open_basedir
PHP Version:	4.4.4	OS:	Linux / Apache/2.0.52
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2006-12-02 03:26 UTC] joe at neosource dot com dot au

Description:
------------
Hi,

I have found that on PHP 4.4.4 shell_exec() fails when local safe_mode = off and master safe_mode = on - only when the script is a secure HTTPS URL. The problem does not appear in HTTP mode.

shell_exec() and other related & safe_mode affected functions fail too such as is_executable() and file_exists(), but no error or warning message is generated.

This bug caused me some grief over the past couple days as I had no idea why my sendmail script was behaving strangely as sometimes it'd work and other times it wouldn't (due to the site switching from HTTP/HTTPS mode). It wasn't an obvious bug to find, but after much debugging this is what I've found to be the cause.

I hope you guys have as much fun squishing this bug as I did  finding it ! :)

Happy to offer any assistance with reproducing / troubleshooting the bug.

Joe

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-12-02 03:57 UTC] joe at neosource dot com dot au

I noticed that phpinfo() shows safe_mode=on in HTTPS mode, but safe_mode=off in HTTP mode. Is there a separate safe_mode setting for HTTPS hosts ?

[2006-12-02 04:35 UTC] joe at neosource dot com dot au

Sorry guys,

The issue has now been resolved, I wasn't aware that the safe_mode setting is applied to the HTTPS and HTTP hosts separately. My ISP had warnings suppressed, so that'd probably explain why I didnt't find any error messages in the log files.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 18:01:31 2024 UTC