Bug #17536: safe_mode_include_dir does not work properly with symbolic links.

Thu, 30 May 2002 16:59:43 -0700 

From:             [EMAIL PROTECTED]
Operating system: Linux (SuSE)
PHP version:      4.2.1
PHP Bug Type:     Scripting Engine problem
Bug description:  safe_mode_include_dir does not work properly with symbolic links.

Hello,

I think safe_mode_include_dir does not work properly with symbolic
links. Here my configuration:


<VirtualHost 134.96.x.y>
    DocumentRoot /kunden/hosting/server/doma.in/sub/htdocs
    ServerName sub.doma.in

    <IfModule mod_php4.c>
        php_admin_value safe_mode 1
        php_admin_value safe_mode_exec_dir /usr/bin
        php_admin_value safe_mode_include_dir
/kunden/hosting/server/doma.in/sub

        php_admin_value open_basedir /kunden/hosting/server/doma.in/sub

        php_admin_value upload_tmp_dir
/kunden/hosting/server/doma.in/sub/tmp

        php_admin_value include_path
.:/kunden/hosting/server/doma.in/sub/lib_php

        php_admin_value error_reporting 2023
    </IfModule>


</VirtualHost>


I copied

    /usr/local/lib/php/.

to

    /kunden/hosting/server/doma.in/sub/lib_php/

(PEAR).

Everthing in .../sub/lib_php/. is owned by root.root, the remaining
files and dirs in .../sub/ by vs1.www

If I try to include 'System.php' I get this error:

    Warning: SAFE MODE Restriction in effect. The script whose uid is
    504 is not allowed to access
    /kunden/hosting/server/doma.in/sub/lib_php/System.php owned by uid
    0 in /var/www/doma.in/sub/htdocs/index.php on line 9

You should know there is a symbolic link:

    /kunden/hosting/server -> /var/www


If I change the line with safe_mode_include_dir as following
    
    php_admin_value safe_mode_include_dir /var/www/doma.in/sub

the include statements works as expected.

Regards,
   Martin
-- 
Edit bug report at http://bugs.php.net/?id=17536&edit=1
-- 
Fixed in CVS:        http://bugs.php.net/fix.php?id=17536&r=fixedcvs
Fixed in release:    http://bugs.php.net/fix.php?id=17536&r=alreadyfixed
Need backtrace:      http://bugs.php.net/fix.php?id=17536&r=needtrace
Try newer version:   http://bugs.php.net/fix.php?id=17536&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=17536&r=support
Expected behavior:   http://bugs.php.net/fix.php?id=17536&r=notwrong
Not enough info:     http://bugs.php.net/fix.php?id=17536&r=notenoughinfo
Submitted twice:     http://bugs.php.net/fix.php?id=17536&r=submittedtwice
register_globals:    http://bugs.php.net/fix.php?id=17536&r=globals

Reply via email to