|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7204 Safe mode prevents normal operations with files
Submitted: 2000-10-14 08:21 UTC Modified: 2000-10-18 06:03 UTC
From: byg at d7 dot ru Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.0.3 OS: Linux
Private report: No CVE-ID: None
 [2000-10-14 08:21 UTC] byg at d7 dot ru

Safe mode prevents normal operations with files, e.g.:
//if (copy("/home/tmp/test4.html", "/home/byg/f1/main/tpic/test4.html"))
/*if (!file_exists($fn)) echo "NOT FOUND $fn<br>\n";
if (file_exists($fn)) echo "FOUND $fn<br>\n";
if (copy($fn, "/home/byg/f1/main/tpic/test4.html"))
 echo "OK";
 echo "BAD";*/
//include "/home/byg/homepage/";
it prints "FOUND phpVtC860" and "BAD".

More general case:
if (!copy(somefile, anothefile)) echo "Error";

this script will print "Error" if "somefile" has been
uploaded or just belongs to a uid different with uid of
running script. Quote log file:
[14-Oct-2000 18:15:09] PHP Warning:  SAFE MODE Restriction in effect.  The script whose uid is 100 is not allowed to access /home/tmp/phpVtC860 owned by uid 9000 in /home/byg/homepage/ on line 5

I think there is nothing wrong in my setup when
there are Apache-pseudo-user and web-development user with
different uids. Essentially, I cannot allow apache pseudo-user to own neither HTML files nor PHP-scripts.
But this is the cause of quoted message and failures of
copy function.

I think something wrong in algorithm of
PHPAPI int php_checkuid(const char *fn, char *fopen_mode, int mode), 'cos I didn't catch sense of the following
        if (duid == (uid=php_getuid())) return(1);
        else {
              php_error(E_WARNING, "SAFE MODE Restriction in effect.  The script whose uid is %ld is not allowed to access %s owned by uid %ld",uid,fn,duid);
when change this for return(1) all seems to be OK.
What sense in having the same uid owns php-scripts and
is web-user?

Loaded Modules
mod_php4, mod_setenvif, mod_auth, mod_access, mod_alias,
mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir,
mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime,
mod_log_config, mod_env, mod_charset, http_core

php.ini from distribution except the following lines:
safe_mode               =       On
auto_prepend_file,error logging settings,upload_tmp_dir

WBR, Yury Bokhoncovich.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-10-18 06:03 UTC]
The whole point of safe_mode it to prevent access to files not owned by owner of the script. If you don't want it, turn off the safe mode. 
 [2002-04-04 00:16 UTC] byg at d7 dot ru
Upcoming 4.2 has a few cool features to avoid given problem:

Combination of those allows:
1) to enable safe_mode
2) to have different uid(s)/gid(s) for web-server and for web-developers (pretty usefule for hosting and dev-groups)
3) still to restrict access to certain areas

Thanx, folks.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Dec 03 03:03:42 2022 UTC