php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46070 realpath() fails with safe-mode enabled on 64 bit systems
Submitted: 2008-09-13 12:09 UTC Modified: 2009-04-14 01:00 UTC
From: dougcsd at yahoo dot com Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 5CVS-2008-11-11 OS: BlueWhite64 (linux)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dougcsd at yahoo dot com
New email:
PHP Version: OS:

 

 [2008-09-13 12:09 UTC] dougcsd at yahoo dot com
Description:
------------
This code segment runs in a file included from an upper level script.  The same script appears to work correctly when PHP is compiled with the same options on a 32 bit OS.

Apache 2.2 compiled from source

All php compiled from source

Linux kernel 2.6.26.2 compiled from source.  

libc:
-rwxr-xr-x 1 root root 1658189 2008-04-22 03:51 libc-2.7.so*
lrwxrwxrwx 1 root root      11 2008-06-17 18:22 libc.so.6 -> libc-2.7.so*

root@server1:/lib# gcc --version
gcc (GCC) 4.2.3
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

./configure  --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/my
sql --with-zlib --with-gd --with-jpeg-dir=/usr --with-png-dir=/usr --prefix=/usr
/local/php5 --enable-mbstring

Code:

$osd_root_path2 = realpath(dirname(__FILE__) . '/../../../') . '/';
$dump=fopen("/var/www/html/chat/dumptest","w");
  fprintf($dump,"%s\n%s\n",dirname(__FILE__),$osd_root_path2);
fclose($dump);

The file output was the same on 5.2.6 through 5.3.Alpha3

Output when safe mode is on:
/var/www/html/chat/inc/cmses
/

Output when safe mode is off:
/var/www/html/chat/inc/cmses
/var/www/html/


Reproduce code:
---------------
$osd_root_path2 = realpath(dirname(__FILE__) . '/../../../') . '/';
$dump=fopen("/var/www/html/chat/dumptest","w");
  fprintf($dump,"%s\n%s\n",dirname(__FILE__),$osd_root_path2);
fclose($dump);



Expected result:
----------------
Output when safe mode is off:
/var/www/html/chat/inc/cmses
/var/www/html/


Actual result:
--------------
Output when safe mode is on:
/var/www/html/chat/inc/cmses
/

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-13 12:30 UTC] dougcsd at yahoo dot com
Minor code change produced a correct result.  Appears the issue is related to more than three levels up.  Just so happends that this is also the safe mode chroot directory:

/var/www/html/

<Directory "/var/www/html">
    AddType application/x-httpd-php .php
    php_admin_flag safe_mode on
#    php_flag assert.warning off
#    php_admin_flag assert.warning off
    php_admin_value safe_mode_exec_dir /var/www/html/
    php_admin_value open_basedir /var/www/html/


$osd_root_path2 = realpath(dirname(__FILE__) . '/../../') . '/';
$dump=fopen("/var/www/html/chat/dumptest","w");
  fprintf($dump,"%s\n%s\n",dirname(__FILE__),$osd_root_path2);
fclose($dump);

/var/www/html/chat/inc/cmses
/var/www/html/chat/
 [2009-04-06 21:13 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2009-04-14 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 10:01:26 2024 UTC