Bug #17466 Updated: Safe mode uid -1 bug

Mon, 27 May 2002 17:35:11 -0700 

 ID:               17466
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Filesystem function related
 Operating System: Linux 2.4.7-10
 PHP Version:      4.2.1
 New Comment:

Little bit of extra info (which may or may not be helpful), OS
version:
Linux version 2.4.7-10smp ([EMAIL PROTECTED]) (gcc
version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)) #1 SMP Thu 
Sep 6 17:09:31 EDT 2001

Apache config commands:
./configure --prefix=/usr/local/apache --enable-so
--enable-rewrite=shared --enable-ssl=shared --enable-suxec=shared

PHP config commands:
./configure --with-mysql=/usr/local/mysql
--with-apxs2=/usr/local/apache/bin/apxs


Previous Comments:
------------------------------------------------------------------------

[2002-05-27 20:45:19] [EMAIL PROTECTED]

When safe mode is on php is unable to determine the uid of the running
script, it reports it as -1.  As you might imagine, this completely
breaks the utility of safe mode with respect to file access.  Also, the
same bug occurs when using safe_mode_gid (it reports the gid as -1 as
well).  Note that it does get the appropriate uid/gid for the file that
is attempted to be accessed.

I am running Apache 2.0.36 and the newest version of PHP (4.2.1).


I did some poking around and I think I found out what's going on.  In
ext/standard/pageinfo.c, php_statpage() tries to determine and stat the
running script file like so:

--------------------------------------------
       pstat = sapi_get_stat(TSRMLS_C);
   
        if (BG(page_uid)==-1 || BG(page_gid)==-1) {
                if(pstat) {
                        BG(page_uid)   = pstat->st_uid;
                        BG(page_gid)   = pstat->st_gid;
                        BG(page_inode) = pstat->st_ino;
                        BG(page_mtime) = pstat->st_mtime;
                }
        }
--------------------------------------------

pstat is not properly set by sapi_get_stat() (from main/SAPI.c) so the
page_uid et al values are not changed, and retain their defaults (-1).


I looked around a bit to see if I could make a workaround by stating
the script file without using sapi_get_stat but I couldn't figure out
what variable contained the script filename.

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=17466&edit=1

Reply via email to