 ID:               17108
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Feedback
 Bug Type:         PHP options/info functions
 Operating System: FreeBSD 4.5-STABLE
 PHP Version:      4.2.0
 New Comment:

As far as I can see there's no uid checking done when only using open_basedir. You're most likely using safe mode enabled and therefore activated uid checking. Or maybe I missed something?

Previous Comments:
------------------------------------------------------------------------

[2002-05-08 23:21:34] [EMAIL PROTECTED]

Hello,

I'm not sure if this is a bug, or whether it is meant to do this, however since it makes no sense, I figure it must be a bug.

Basically, when you use open_basedir, you should be able to open any files in basedir path, regardless of UID. So if apache is expecting the user Alasdair, and it tries to access a file owned by a different user, it only allows this if this file resides in the basedir path.

If you create a directory with the correct user, and stick a file in it with the wrong user, this still works as long as the directory is in the basedir path. However, if you change the ownership of this directory to an incorrect user, you can no longer access any of the files in that directory!

This seems quite mad, as the whole point of open_basedir is so you don't have to worry about ownerships so long as everything you access resides in the basedir. The offending C file is safe_mode.c, which I've attempted to modify unsuccessfully, mostly due to the fact I have no idea what's going on in it. I could get it to always return 1, though ;)

The reason I require this is that I need to allow users to access files and directories created by apache, for some scripts that do this. Apache of course sets created files/dirs to its own UID. This is fine for files, but any directories created PHP won't access, due to this feature/bug.

I have searched the web, and asked in #PHP on openprojects, but couldn't turn up any information. Any help is greatly appreciated, the only other solution would be to turn Safe Mode off.

Configure options:

./configure --with-apxs=/usr/local/psa/apache/bin/apxs \
  --prefix=/usr/local/psa/apache \
  --with-system-regex \
  --with-config-file-path=/usr/local/psa/apache/conf \
  --disable-debug \
  --disable-pear \
  --enable-sockets \
  --enable-track-vars \
  --with-gd=/usr/local/src/gd-1.8.4 \
  --with-mysql=/usr/local/psa/mysql \
  --with-iodbc=/usr/local/src/imap-2001a/libiodbc-3.0.5 \
  --with-imap=/usr/local/src/imap-2001a

(Although I can replicate this problem even with the simplest setup, I don't think the local options cause this problem)

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=17108&edit=1
