Bug #5097 security hole in file open
Submitted: 2000-06-17 04:58 UTC
Modified: 2000-06-17 05:42 UTC
From: greg at netserv dot net dot au
Assigned:
Status: Closed
Package: Other
PHP Version: 4.0 Beta 3
OS: linux (redhat)
Private report: No
CVE-ID: None
 [2000-06-17 04:58 UTC] greg at netserv dot net dot au
I am sorry if in my documentation search I have missed the way to block this, especially if it is just a configuration issue.
I didn't want to post this to the PHP open list.

As the HTTP server runs as the same user as PHP, any file that can be read by the server can also be accessed on the local system by an fopen.
Also, seeing that the web root is also the root of the users' web pages, any one user can do an fopen on another user's supposedly hidden PHP source.
Is it possible to stop ../ changes in the global restrictions so users can't get out of their home directories?


<?
if (!($f = fopen("../other_user/secret.php", "r"))) {
    print("cant open that");
    exit;
}
while (!feof($f)) {
    print(fgets($f, 255));
}
fclose($f);
?>

Thanks Greg

 [2000-06-17 05:42 UTC] rasmus at cvs dot php dot net
Turn on safe-mode or run PHP as a CGI under suexec
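
Added example, not part of the original report and not PHP's own code: the two checks this thread turns on, written as one application-level PHP function. It covers confinement of the resolved path to a home directory (what the report asks for) and the comparison of file owner against script owner that safe mode applied. The function name, the directory tree and the second UID are constructed for illustration, and a POSIX filesystem is assumed.

```php
<?php
// Added example; check_open() and all paths below are hypothetical.

/**
 * Decide whether a script owned by $scriptUid, living under $homeDir,
 * may open $path. Returns "ok" or the reason for refusal.
 */
function check_open(string $path, string $homeDir, int $scriptUid): string
{
    $real = realpath($path);            // resolves ../ and symlinks
    $home = realpath($homeDir);
    if ($real === false || $home === false) {
        return 'denied: path does not resolve';
    }
    // Confinement: the resolved path must sit under the home directory.
    // The trailing separator stops /home/al from matching /home/alice.
    if (strncmp($real, $home . DIRECTORY_SEPARATOR, strlen($home) + 1) !== 0) {
        return 'denied: outside home directory';
    }
    // Owner comparison: the file's UID must equal the script owner's UID.
    if (fileowner($real) !== $scriptUid) {
        return 'denied: owner mismatch';
    }
    return 'ok';
}

// Constructed sample tree standing in for two users' web directories.
$root = sys_get_temp_dir() . '/bug5097_' . getmypid();
mkdir("$root/greg", 0700, true);
mkdir("$root/other_user", 0700, true);
file_put_contents("$root/greg/index.php", '<?php // page');
file_put_contents("$root/other_user/secret.php", '<?php // secret');

$uid = fileowner("$root/greg/index.php");   // UID that created the sample files

// Own file inside the home directory.
echo check_open("$root/greg/index.php", "$root/greg", $uid), "\n";
// The ../ path from the report resolves outside greg's directory.
echo check_open("$root/greg/../other_user/secret.php", "$root/greg", $uid), "\n";
// Same file, evaluated for a script owned by a different (constructed) UID.
echo check_open("$root/greg/index.php", "$root/greg", $uid + 1), "\n";
```

A check like this only constrains the script that calls it; on a shared host the restriction has to be enforced outside the users' own code, which is what the reply's two options do.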
 