ID: 17466
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Filesystem function related
Operating System: Linux 2.4.7-10
PHP Version: 4.2.1
New Comment:
Update.
I installed the CVS release (4.3.0-dev) and the problem still exists
there. I switched over to the CGI/commandline install of PHP (4.2.1)
and it works correctly (i.e. when safe_mode is on it gets the correct
uid of the file owner).
Previous Comments:
------------------------------------------------------------------------
[2002-05-27 20:53:17] [EMAIL PROTECTED]
Little bit of extra info (which may or may not be helpful), OS
version:
Linux version 2.4.7-10smp ([EMAIL PROTECTED]) (gcc
version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)) #1 SMP Thu
Sep 6 17:09:31 EDT 2001
Apache config commands:
./configure --prefix=/usr/local/apache --enable-so
--enable-rewrite=shared --enable-ssl=shared --enable-suxec=shared
PHP config commands:
./configure --with-mysql=/usr/local/mysql
--with-apxs2=/usr/local/apache/bin/apxs
------------------------------------------------------------------------
[2002-05-27 20:45:19] [EMAIL PROTECTED]
When safe mode is on php is unable to determine the uid of the running
script, it reports it as -1. As you might imagine, this completely
breaks the utility of safe mode with respect to file access. Also, the
same bug occurs when using safe_mode_gid (it reports the gid as -1 as
well). Note that it does get the appropriate uid/gid for the file that
is attempted to be accessed.
I am running Apache 2.0.36 and the newest version of PHP (4.2.1).
I did some poking around and I think I found out what's going on. In
ext/standard/pageinfo.c, php_statpage() tries to determine and stat the
running script file like so:
--------------------------------------------
pstat = sapi_get_stat(TSRMLS_C);
if (BG(page_uid)==-1 || BG(page_gid)==-1) {
if(pstat) {
BG(page_uid) = pstat->st_uid;
BG(page_gid) = pstat->st_gid;
BG(page_inode) = pstat->st_ino;
BG(page_mtime) = pstat->st_mtime;
}
}
--------------------------------------------
pstat is not properly set by sapi_get_stat() (from main/SAPI.c) so the
page_uid et al values are not changed, and retain their defaults (-1).
I looked around a bit to see if I could make a workaround by stating
the script file without using sapi_get_stat but I couldn't figure out
what variable contained the script filename.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=17466&edit=1
