PHP :: Bug #53398 :: Latest open_basedir() changes break accessing files in subdirs

Bug #53398	Latest open_basedir() changes break accessing files in subdirs
Submitted:	2010-11-24 16:01 UTC	Modified:	2010-11-24 16:23 UTC
From:	info at glsys dot eu	Assigned:
Status:	Not a bug	Package:	Safe Mode/open_basedir
PHP Version:	5.3.3	OS:	Debian
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	info at glsys dot eu
New email:
PHP Version:		OS:

New/Additional Comment:

[2010-11-24 16:01 UTC] info at glsys dot eu

Description:
------------
Hi!

Real PHP version: Debian unstable 5.3.3-4
Apache2: Debian 2.2.16-4 mpm-prefork
Safe_mode: off


As the changelog says:
+ possible flaw in open_basedir (CVE-2010-3436)

After this upgrade I can not include/open files if they are in an open_basedir subdirectory.

One more interesting thing:

My Virtualhost system is located under /data/www.
I had a symlink at /var/www pointing to /data/www.

After this upgrade the I had issues whit open_basedir if I used /var/www.

Maybe it is related to the subdir issue.

Swifty

Actual result:
--------------
[Wed Nov 24 15:04:44 2010] [error] [client w.x.y.z] PHP Warning:  Unknown: open_basedir restriction in effect. File(/data/www/include/modules/img.php) is not within the allowed path(s): (/data/www/!Admin/:/data/www/!Error/:/data/www/include/:/data/www/sites/some.domain/) in Unknown on line 0, referer: http://some.domain/index.php
[Wed Nov 24 15:04:44 2010] [error] [client w.x.y.z] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0, referer: http://some.domain/index.php
[Wed Nov 24 15:04:44 2010] [error] [client w.x.y.z] PHP Fatal error:  Unknown: Failed opening required '/var/www/include/modules/img.php' (include_path='.:/usr/share/php:/data/www/include') in Unknown on line 0, referer: http://some.domain/index.php

[Wed Nov 24 15:06:05 2010] [error] [client w.x.y.z] PHP Warning:  filemtime() [http://www.php.net/en/manual/function.filemtime.php]: stat failed for /data/www/sites/some.domain/modules/img.php in /data/www/include/modules/ob.cache.php on line 28, referer: http://some.domain/index.php

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-11-24 16:10 UTC] info at glsys dot eu

-Package: Security related +Package: Safe Mode/open_basedir

[2010-11-24 16:10 UTC] info at glsys dot eu

Sorry :D
Changed from Security to Safe Mode/open_basedir... :D

Swifty

[2010-11-24 16:23 UTC] pajoye@php.net

-Status: Open +Status: Bogus

[2010-11-24 16:23 UTC] pajoye@php.net

Already reported and fixed in SVN. However this fix was never released (applied in 5.3.4RC, Deb should update their patch.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 16 11:01:29 2024 UTC