PHP :: Bug #7204 :: Safe mode prevents normal operations with files

Bug #7204	Safe mode prevents normal operations with files
Submitted:	2000-10-14 08:21 UTC	Modified:	2000-10-18 06:03 UTC
From:	byg at d7 dot ru	Assigned:
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	4.0.3	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2000-10-14 08:21 UTC] byg at d7 dot ru

Hello!

Safe mode prevents normal operations with files, e.g.:
====================
<?
//if (copy("/home/tmp/test4.html", "/home/byg/f1/main/tpic/test4.html"))
/*if (!file_exists($fn)) echo "NOT FOUND $fn<br>\n";
if (file_exists($fn)) echo "FOUND $fn<br>\n";
if (copy($fn, "/home/byg/f1/main/tpic/test4.html"))
 echo "OK";
else
 echo "BAD";*/
//include "/home/byg/homepage/testy.inc";
?>
====================
it prints "FOUND phpVtC860" and "BAD".

More general case:
<?
if (!copy(somefile, anothefile)) echo "Error";
?>

this script will print "Error" if "somefile" has been
uploaded or just belongs to a uid different with uid of
running script. Quote log file:
=================
[14-Oct-2000 18:15:09] PHP Warning:  SAFE MODE Restriction in effect.  The script whose uid is 100 is not allowed to access /home/tmp/phpVtC860 owned by uid 9000 in /home/byg/homepage/testy.inc on line 5
=================

I think there is nothing wrong in my setup when
there are Apache-pseudo-user and web-development user with
different uids. Essentially, I cannot allow apache pseudo-user to own neither HTML files nor PHP-scripts.
But this is the cause of quoted message and failures of
copy function.

I think something wrong in algorithm of
PHPAPI int php_checkuid(const char *fn, char *fopen_mode, int mode), 'cos I didn't catch sense of the following
checking:
=============
        if (duid == (uid=php_getuid())) return(1);
        else {
              php_error(E_WARNING, "SAFE MODE Restriction in effect.  The script whose uid is %ld is not allowed to access %s owned by uid %ld",uid,fn,duid);
                return(0);
=============
when change this for return(1) all seems to be OK.
What sense in having the same uid owns php-scripts and
is web-user?

Loaded Modules
mod_php4, mod_setenvif, mod_auth, mod_access, mod_alias,
mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir,
mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime,
mod_log_config, mod_env, mod_charset, http_core

php.ini from distribution except the following lines:
safe_mode               =       On
safe_mode_protected_env_vars=LD_LIBRARY_PATH,REQUEST_URI,PHP_SELF
auto_prepend_file,error logging settings,upload_tmp_dir

WBR, Yury Bokhoncovich.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-10-18 06:03 UTC] stas@php.net

The whole point of safe_mode it to prevent access to files not owned by owner of the script. If you don't want it, turn off the safe mode.

[2002-04-04 00:16 UTC] byg at d7 dot ru

Upcoming 4.2 has a few cool features to avoid given problem:
safe_mode_gid
safe_mode_include_dir

Combination of those allows:
1) to enable safe_mode
2) to have different uid(s)/gid(s) for web-server and for web-developers (pretty usefule for hosting and dev-groups)
3) still to restrict access to certain areas

Thanx, folks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 03:01:30 2025 UTC