Request #9516 No trivial way to bypass safe mode when running as a shell
Submitted: 2001-03-01 19:26 UTC Modified: 2006-10-27 00:58 UTC
From: bram at xspace dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
 [2001-03-01 19:26 UTC] bram at xspace dot com
I keep PHP both as an Apache module and as a standalone shell.

However, to be responsible, I need safe mode for the Apache module and so it's in the .ini file.

But when I run the script from a standalone shell from suexec, PHP insists on
reading the .ini, going into safe mode, and then setuid's -1, from which there is
no recovery.

There is no way around this except to compile each version with a separate config-file-path, one path has a config without safe_mode and one does.

Scenario:
    script file has same owner uid as POSIX getuid()
    script is being executed through a shell (#!/usr/local/bin/php)

You cannot specify an alternate config file from the shell invocation when being executed from suexec -- it
will keep on reporting, "No input file specified" (which is an entirely separate issue.)

There should be an option for the shell not to enter safe-mode, and it could be specified as part
of the shell invocation line in the script (i.e. #!/usr/local/bin/php --no-safe-mode). I think if some restriction control could be placed in the .ini file to restrict who is allowed to perform that function, that would be safe enough.

Bram

 [2006-10-27 00:58 UTC] rasmus@php.net
Safe mode is gone now so this doesn't apply anymore.
Last updated: Tue Oct 22 15:01:29 2024 UTC