Request #48111 unlink() does not delete symlinks without a target if open_basedir is used
Submitted: 2009-04-29 17:42 UTC
Modified: 2021-05-21 12:05 UTC
Votes: 12
Avg. Score: 3.3 ± 1.4
Reproduced: 7 of 8 (87.5%)
Same Version: 3 (42.9%)
Same OS: 3 (42.9%)
From: simon at stienen dot name
Assigned: cmb
Status: Wont fix
Package: Safe Mode/open_basedir
PHP Version: 5.2.9
OS: FreeBSD 7.1-RELEASE/amd64
Private report: No
CVE-ID: None
 [2009-04-29 17:42 UTC] simon at stienen dot name
Description:
------------
unlink()ing a symlink with its target missing fails with an open_basedir error.

This might be related to
http://bugs.php.net/bug.php?id=20235 (actual deletion changed, but sanitization still uses target?) and/or
http://bugs.php.net/bug.php?id=29145 (missing target (empty string?) is considered to be outside of open_basedir?)


Reproduce code:
---------------
<?php

echo "creating link\n";
symlink('nonexisting_target', 'link');

echo "unlinking link\n";
unlink('link');

echo "creating target\n";
file_put_contents('nonexisting_target', 'foo');

echo "unlinking link (again)\n";
unlink('link');

echo "unlinking target\n";
unlink('nonexisting_target');


Expected result:
----------------
Run with php -d open_basedir=

creating link
unlinking link
creating target
unlinking link (again)

Warning: unlink(link): No such file or directory in /tmp/- on line 13
unlinking target


Actual result:
--------------
Run with php -d open_basedir=/

creating link
unlinking link

Warning: unlink(): open_basedir restriction in effect. File(link) is not within the allowed path(s): (/) in /tmp/- on line 7
creating target
unlinking link (again)
unlinking target

 [2009-04-29 20:39 UTC] simon at stienen dot name
Ok, a possible solution would be to apply the open_basedir check to the parent directory instead of the file or the symlink itself.

I have implemented and slightly tested this, but please consider that my C knowledge is somewhat limited and I have almost no insight into PHP's internals, so please treat these diffs with the necessary care:

http://trashbin.slashlife.org/tmp/plain_wrapper.c.diff
http://trashbin.slashlife.org/tmp/plain_wrapper.c.-p.diff
http://trashbin.slashlife.org/tmp/plain_wrapper.c.-u.diff
 [2010-02-14 20:27 UTC] antoine dot contal+bugs dot php dot net at gmail dot com
Same issue with PHP 5.2.11.
 [2011-04-08 18:21 UTC] jani@php.net
-Package: Feature/Change Request
+Package: Safe Mode/open_basedir
 [2021-05-21 12:05 UTC] cmb@php.net
-Status: Open
+Status: Wont fix
-Assigned To:
+Assigned To: cmb
 [2021-05-21 12:05 UTC] cmb@php.net
> Ok, a possible solution would be to apply the open_basedir check
> to the parent directory instead of the file or the symlink itself.

Well, that would require special casing for unlinking symlinks,
which was rejected for bug #29145.
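
Added example (not part of the report and not PHP's source): a C model of the two check strategies discussed in this thread, built on the reporter's hypothesis that the existing check resolves the symlink target. The function names, the temp directory and the bitmask returned by demo() are assumptions made for the illustration.

```c
/* Added illustration: userland model, not PHP's open_basedir code. */
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* 1 if p is base or below it, per component (/tmp/ab is not in /tmp/a). */
static int is_under(const char *p, const char *base) {
    size_t n = strlen(base);
    if (strcmp(base, "/") == 0) return p[0] == '/';
    if (n > 1 && base[n - 1] == '/') n--;        /* ignore a trailing slash */
    return strncmp(p, base, n) == 0 && (p[n] == '/' || p[n] == '\0');
}

/* Strategy A: resolve the path itself. realpath() follows the symlink and
 * fails when the target is missing, so a dangling link is always rejected. */
int allowed_by_target(const char *path, const char *base) {
    char real[PATH_MAX];
    return realpath(path, real) != NULL && is_under(real, base);
}

/* Strategy B (the reporter's proposal): resolve only the parent directory,
 * the object that unlink() actually modifies. */
int allowed_by_parent(const char *path, const char *base) {
    char copy[PATH_MAX], real[PATH_MAX];
    snprintf(copy, sizeof copy, "%s", path);     /* dirname() may modify it */
    return realpath(dirname(copy), real) != NULL && is_under(real, base);
}

/* Constructed scenario: dangling symlink in a fresh temp dir. root_base=1
 * uses "/" as the allowed base, as in the report. Result bits: 1 = A allows,
 * 2 = B allows, 4 = unlink() on the link succeeded; -1 = setup failed. */
int demo(int root_base) {
    char tmpl[] = "/tmp/obd_demo_XXXXXX", dir[PATH_MAX], link[PATH_MAX + 8];
    if (!mkdtemp(tmpl) || !realpath(tmpl, dir)) return -1;
    const char *base = root_base ? "/" : dir;
    snprintf(link, sizeof link, "%s/link", dir);
    if (symlink("nonexisting_target", link) != 0) return -1;
    int r = allowed_by_target(link, base) | (allowed_by_parent(link, base) << 1);
    r |= (unlink(link) == 0) << 2;
    rmdir(dir);
    return r;
}

int main(void) {
    return printf("tmp base: %d, \"/\" base: %d\n", demo(0), demo(1)) < 0;
}
```

Both runs give 6: the target-resolving check refuses the dangling link even when "/" is the allowed base, while the parent-directory check allows it and the unlink itself succeeds.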
 
Last updated: Sat Dec 21 14:01:32 2024 UTC