ID: 7204
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Closed
Bug Type: Scripting Engine problem
Operating System: Linux
PHP Version: 4.0.3
New Comment:
The upcoming 4.2 has a few cool features to avoid the given problem:
safe_mode_gid
safe_mode_include_dir
Combination of those allows:
1) to enable safe_mode
2) to have different uid(s)/gid(s) for web-server and for
web-developers (pretty useful for hosting and dev-groups)
3) still to restrict access to certain areas
Thanx, folks.
Previous Comments:
------------------------------------------------------------------------
[2000-10-18 06:03:52] [EMAIL PROTECTED]
The whole point of safe_mode is to prevent access to files not owned by
the owner of the script. If you don't want it, turn off the safe mode.
------------------------------------------------------------------------
[2000-10-14 08:21:29] [EMAIL PROTECTED]
Hello!
Safe mode prevents normal operations with files, e.g.:
====================
<?
//if (copy("/home/tmp/test4.html", "/home/byg/f1/main/tpic/test4.html"))
/*if (!file_exists($fn)) echo "NOT FOUND $fn<br>\n";
if (file_exists($fn)) echo "FOUND $fn<br>\n";
if (copy($fn, "/home/byg/f1/main/tpic/test4.html"))
echo "OK";
else
echo "BAD";*/
//include "/home/byg/homepage/testy.inc";
?>
====================
It prints "FOUND phpVtC860" and "BAD".
More general case:
<?
if (!copy($somefile, $anotherfile)) echo "Error";
?>
This script will print "Error" if "somefile" has been
uploaded or just belongs to a uid different from the uid of the
running script. Quoting the log file:
=================
[14-Oct-2000 18:15:09] PHP Warning: SAFE MODE Restriction in effect.
The script whose uid is 100 is not allowed to access
/home/tmp/phpVtC860 owned by uid 9000 in /home/byg/homepage/testy.inc
on line 5
=================
I think there is nothing wrong in my setup when
there are an Apache pseudo-user and a web-development user with
different uids. Essentially, I cannot allow the Apache pseudo-user to own
either HTML files or PHP scripts.
But this is the cause of the quoted message and the failures of the
copy function.
I think something is wrong in the algorithm of
PHPAPI int php_checkuid(const char *fn, char *fopen_mode, int mode),
'cos I didn't catch the sense of the following
check:
=============
if (duid == (uid=php_getuid())) return(1);
else {
    php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", uid, fn, duid);
    return(0);
}
=============
When I change this to return(1), all seems to be OK.
What is the sense in having the same uid own the PHP scripts and
be the web user?
Loaded Modules
mod_php4, mod_setenvif, mod_auth, mod_access, mod_alias,
mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir,
mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime,
mod_log_config, mod_env, mod_charset, http_core
php.ini from distribution except the following lines:
safe_mode = On
safe_mode_protected_env_vars=LD_LIBRARY_PATH,REQUEST_URI,PHP_SELF
auto_prepend_file,error logging settings,upload_tmp_dir
WBR, Yury Bokhoncovich.
------------------------------------------------------------------------
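A simplified model of the ownership decision discussed in this report, extended with the two 4.2 directives named in the newest comment. It is an example added here, not PHP's php_checkuid source. The uids 100 and 9000 and the temp path come from the quoted log; gid 500, the include directory, the path-component boundary rule and all struct and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Model only: names and layout are hypothetical, not taken from PHP. */
struct sm_config {
    int safe_mode;            /* safe_mode = On/Off */
    int safe_mode_gid;        /* relax the uid compare to a gid compare */
    const char *include_dir;  /* safe_mode_include_dir, or NULL if unset */
};

struct sm_owner { uid_t uid; gid_t gid; };

/* Is path inside dir? The component boundary is this model's own rule. */
static int under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    if (n == 0 || strncmp(path, dir, n) != 0) return 0;
    return dir[n - 1] == '/' || path[n] == '/' || path[n] == '\0';
}

/* Returns 1 if the access is allowed, 0 if safe mode refuses it. */
int sm_allows(const struct sm_config *c, struct sm_owner script,
              struct sm_owner file, const char *path, int is_include)
{
    if (!c->safe_mode) return 1;
    /* The include-dir bypass applies to include operations only. */
    if (is_include && c->include_dir && under_dir(path, c->include_dir))
        return 1;
    if (file.uid == script.uid) return 1;   /* the uid compare from the report */
    if (c->safe_mode_gid && file.gid == script.gid) return 1;
    return 0;
}

int main(void)
{
    /* uids are from the report's log line; gid 500 is constructed. */
    struct sm_owner script = {100, 500}, upload = {9000, 500};
    struct sm_config strict = {1, 0, NULL};
    struct sm_config relaxed = {1, 1, "/home/byg/inc"};  /* constructed dir */
    const char *tmp = "/home/tmp/phpVtC860";

    printf("uid-only copy:    %d\n", sm_allows(&strict, script, upload, tmp, 0));
    printf("gid-relaxed copy: %d\n", sm_allows(&relaxed, script, upload, tmp, 0));
    return 0;
}
```

In this model the reporter's copy() of the uploaded file is refused under the uid-only compare and allowed once the gid compare is enabled and the two accounts share a group; the include directory does not help copy(), because that bypass covers includes only.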