Bug #7744 safe mode php wrong script uid
Submitted: 2000-11-10 05:54 UTC Modified: 2001-07-06 23:31 UTC
From: meik dot doell at eed dot ericsson dot se Assigned:
Status: Closed Package: *General Issues
PHP Version: 4.0.3pl1 OS: SunOS 5.6
Private report: No CVE-ID: None
 [2000-11-10 05:54 UTC] meik dot doell at eed dot ericsson dot se
In safe mode, the php script uid seems to default to 1 instead of the httpd uid (taken from apache httpd process).

case 1)
no safe mode: apache runs as http uid 11101 and a php script readable by uid 11101 can be accessed and is parsed - fine.

case 2)
now safe mode is enabled and a php script owned by uid 11101 or in a directory owned by 11101 is read but not parsed. Message is "Warning: SAFE MODE Restriction in effect. The script whose uid is 1 is not allowed to access /path/script.php3 owned by uid 11101 in Unknown on line 0."

I am sure that apache does not run with uid 1 but with uid 11101 because scripts readable by uid 1 but not 11101 are not even found by apache (403 forbidden).

Where does the php script uid 1 come from?

The only way to get php4 and safe mode working now is to have the directory or file owned by uid 1 which is neither apache's uid nor the user's uid - I can't imagine this is intentional?



 [2000-12-08 11:11 UTC] meik dot doell at eed dot ericsson dot se
On Solaris, safe mode only works if either the php script to be parsed or the directory it is in are owned by numerical uid 1 (note: this is neither the uid of the person writing the script nor the httpd uid). This is not the definition of safe mode...

Trying to narrow the problem down:

In safe_mode.c the function php_checkuid demands two uids to match:

uid = php_getuid() should be the php file currently parsed (but is always "1" on a Solaris system)
duid = sb.st_uid is the file to be included (correct value)

It seems that php_getuid() is broken on Solaris, always returning "1". Unfortunately now safe mode is unusable because all scripts and included files have to be readable by the http uid (e.g. world), writable by the script developer (e.g. group) and the owner must be uid "1" (daemon, bin, or whatever uid "1" is).

Note that this is even when a simple file is parsed where no other file is included (require()).

Testdrive 1
-----------
plain php file is parsed /www/php/test.php, owner 1331, group httpd
   <HTML><BODY>
   <?php echo phpinfo(); ?>
   </BODY></HTML>
Warning: SAFE MODE Restriction in effect. The script whose uid is 1 is not allowed to access /www/php/test.php owned by uid 1331 in Unknown on line 0
Warning: Failed opening '/www/php/test.php' for inclusion (include_path='.') in Unknown on line 0

To make it work, I must
chown 1 /www/php
or
chown 1 /www/php/test.php
which is not useful because the script uid should be the one of the owner of the file.
Seems that "parsing a php file in safe mode" is defined as "including the file into itself in safe mode" and the initial values are not correct but default to "1".

Testdrive 2
-----------
php file is parsed /www/php/test.php, owner now uid 1 (unfortunately), group httpd
   <HTML><BODY>
   <?require ("/www/php/somefile.inc"); ?>
   </BODY></HTML>
Warning: SAFE MODE Restriction in effect. The script whose uid is 1 is not allowed to access /www/php/include/somefile.inc owned by uid 1331 in /www/php/test.php on line 2
Fatal error: Failed opening required '/www/php/somefile.inc' (include_path='.') in /www/php/test.php on line 2

The base problem seems that when a php file is parsed in safe mode, it has to be uid 1 or in a directory owned by uid 1 which is not desired...
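
The ownership comparison described in the comment above, as an added C example that is not part of the original report and not PHP's safe_mode.c. The names `owner_of`, `uid_check` and `check_access` are hypothetical; the uid values 1 and 1331 are the ones quoted in the report.

```c
/* Added illustration; hypothetical names, not PHP's safe_mode.c. */
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Owner uid of path; returns 0 on success, -1 if stat() fails. */
int owner_of(const char *path, uid_t *out)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return -1;
    *out = sb.st_uid;
    return 0;
}

/* The comparison from the report: access is allowed when the script uid
 * matches the owner of the target file or of the directory holding it. */
int uid_check(uid_t script_uid, uid_t file_uid, uid_t dir_uid)
{
    return script_uid == file_uid || script_uid == dir_uid;
}

/* Derive the script uid from the script file itself, then check target. */
int check_access(const char *script, const char *target)
{
    uid_t suid, fuid, duid;
    char buf[4096];

    if (owner_of(script, &suid) != 0 || owner_of(target, &fuid) != 0)
        return 0;                       /* fail closed on stat errors */
    if (strlen(target) >= sizeof(buf))
        return 0;
    strcpy(buf, target);                /* dirname() may modify its argument */
    if (owner_of(dirname(buf), &duid) != 0)
        return 0;
    return uid_check(suid, fuid, duid);
}

int main(void)
{
    /* Constructed values taken from the report: script uid 1, file uid 1331. */
    printf("reported: %d\n", uid_check(1, 1331, 1331));   /* denied */
    printf("expected: %d\n", uid_check(1331, 1331, 1331));/* allowed */
    printf("workaround (dir chowned to 1): %d\n", uid_check(1, 1331, 1));
    return 0;
}
```

When the script uid is taken from the script file's own stat() result, a script checked against itself always passes, which is the behaviour the reporter expected in Testdrive 1.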



 [2001-07-06 23:31 UTC] jason@php.net
Try a later version of PHP and reopen if still an issue.
 
Last updated: Sun Nov 28 15:03:14 2021 UTC