php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47945 tightened "open_basedir" setting persists between requests
Submitted: 2009-04-10 09:02 UTC Modified: 2010-12-20 12:42 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: elapouya at gmail dot com Assigned:
Status: Not a bug Package: Safe Mode/open_basedir
PHP Version: 5.3.0RC1 OS: Ubuntu 8.10
Private report: No CVE-ID: None
 [2009-04-10 09:02 UTC] elapouya at gmail dot com
Description:
------------
If you put an 

ini_set("open_basedir","/var/www/mydir"); 

in your code,

the first time it will work, put if you reload the page quickly, you will get a "open_basedir restriction in effect" on a jammed directory !

If I wait 1 minute, it works again for the first time and no more the next times : looks like a cache problem.

I do not have APC, xdebug etc...

Nothing in php.ini except the error_reporting turned to On.

the configure :

'./configure' '--with-apxs2=/usr/bin/apxs2' '--disable-short-tags' '--with-openssl' '--with-zlib' '--enable-bcmath' '--with-bz2=/bin/bzip2' '--enable-calendar' '--with-curl' '--with-curlwrappers' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/lib' '--with-png-dir=/usr/lib' '--with-xpm-dir=/usr/lib' '--with-ttf' '--with-t1lib' '--enable-gd-native-ttf' '--enable-gd-jis-conv' '--with-gettext' '--with-imap' '--with-imap-ssl' '--with-ldap' '--with-ldap-sasl' '--enable-mbstring' '--with-mcrypt' '--with-mhash' '--with-ming' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-ncurses' '--with-pdo-mysql' '--with-pspell' '--with-readline' '--with-snmp' '--enable-soap' '--enable-sockets' '--without-sqlite' '--enable-sqlite-utf8' '--with-tidy' '--enable-wddx' '--with-xmlrpc' '--with-xsl' '--enable-zip' '--with-pear' '--with-kerberos'

Note : I use PHP as a Apache module

Reproduce code:
---------------
In /var/www/elapouya, I create the file open_basedir.php :

<?php
ini_set("open_basedir","/var/www/elapouya");
?>



Expected result:
----------------
no error

Actual result:
--------------
First time : No error,

Next times :

Warning: Unknown: open_basedir restriction in effect. File(/var/www/elapouya/open_basedir.php) is not within the allowed path(s): (??ΒΈ/www/elapouya) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Fatal error: Unknown: Failed opening required '/var/www/elapouya/open_basedir.php' (include_path='.:/usr/local/lib/php') in Unknown on line 0




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-10 12:27 UTC] jani@php.net
Does this happen with PHP 5.2.9 ?
 [2009-04-10 15:02 UTC] elapouya at gmail dot com
It is a new feature for 5.3 : One can now set open_basedir at runtime (not only in php.ini / php_value as a per dir basis).

So, to answer you, 5.2.9 in not relevant.
 [2009-04-10 17:46 UTC] jani@php.net
See also bug #46934 of which this is duplicate -> bogus. 
 [2009-04-11 06:26 UTC] elapouya at gmail dot com
Yes it looks like the same root cause.

But in my case, I was not thighten/untighten open_basedir.

I was just *setting* open_basedir at runtime (open_basedir is blank in php.ini and httpd.conf)

I made another test by putting "open_basedir = /var/www" in php.ini and use the same open_basedir.php as in my example to only "tighten" open_basedir : the effect is the same : First time is OK, but if you reload the page quickly,the same error occurs :

I think that the path stored internally for open_basedir is not the good one (look at the weird chars into the path in the error message for open_basedir)
 [2009-05-11 12:41 UTC] elapouya at gmail dot com
The bug still exists in 5.3.0RC2 :

The ini_set("open_basedir",xxx) does not work if you load the same page twice
 [2010-12-20 12:42 UTC] jani@php.net
-Package: Tidy +Package: Safe Mode/open_basedir
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat May 08 17:02:33 2021 UTC