Bug #15547: tempnam() bypasses security

Wed, 13 Feb 2002 23:01:48 -0800 

From:             [EMAIL PROTECTED]
Operating system: Linux(RedHat 7.1)
PHP version:      4.0.6
PHP Bug Type:     Filesystem function related
Bug description:  tempnam() bypasses security

tempnam() function bypasses open_basedir directive
set by php.ini

This can be seen f.e. by following code:

$tfile=tempnam("/tmp","foobar"); 
// this is a success regardless of a open_basedir setting
$fp=fopen($tfile,"w")
// file is already created but fopen() fails if 
// open_basedir is set, but not to include /tmp


-- 
Edit bug report at http://bugs.php.net/?id=15547&edit=1
-- 
Fixed in CVS:        http://bugs.php.net/fix.php?id=15547&r=fixedcvs
Fixed in release:    http://bugs.php.net/fix.php?id=15547&r=alreadyfixed
Need backtrace:      http://bugs.php.net/fix.php?id=15547&r=needtrace
Try newer version:   http://bugs.php.net/fix.php?id=15547&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=15547&r=support
Expected behavior:   http://bugs.php.net/fix.php?id=15547&r=notwrong
Not enough info:     http://bugs.php.net/fix.php?id=15547&r=notenoughinfo
Submitted twice:     http://bugs.php.net/fix.php?id=15547&r=submittedtwice

Reply via email to