|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #7217 Security Problem with "include_dir" configuration
Submitted: 2000-10-15 03:49 UTC Modified: 2001-08-27 11:44 UTC
From: afader at asqnet dot org Assigned:
Status: Duplicate Package: Feature/Change Request
PHP Version: 4.0.2 OS: linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: afader at asqnet dot org
New email:
PHP Version: OS:


 [2000-10-15 03:49 UTC] afader at asqnet dot org
Okay - set up a common script directory. /home/httpd/phpi
in php.ini - set include_dir = .:/home/httpd/phpi
set safe_mode on.
Put a file into the directory.  Call it ""
make the owner of any user and any group.
make a web page with a different user in the same group.

the web page cannot include(""); you get a warning: SAFE MODE that uid 1 <> uid 2.

This makes it impossible to have shared php includes across multiple users.

Allow some way for SAFE MODE to ignore user matching on a selected directory (or set of directories.)  Or ignore matching for a specific userid/or/groupid on the target files???

Or, let me know what I'm doing wrong???

- Thanks -

p.s. PHP rules ;-)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-08-27 11:44 UTC]
Duplicate of 8963.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Apr 16 13:01:30 2024 UTC