ID: 40425
Comment by: bugs at nazarenko dot net
Reported By: priappub at yahoo dot fr
Status: No Feedback
Bug Type: Safe Mode/open_basedir
Operating System: Solaris 10
PHP Version: 5.2.1
New Comment:
I can confirm a very similar bug on Solaris 10 SPARC Update 3 with the
latest php5.2-200707231430 snapshot.
Here is the testing script /tmp/test.php:
<?php
echo "safe = " . (ini_get('safe_mode') ? "On" : "Off") . "\n";
echo "uid = " . getmyuid() . "\n";
echo "gid = " . getmygid() . "\n";
echo file_get_contents('/etc/passwd');
?>
I have performed these commands in PHP source directory (as root):
cd /tmp/php5.2-200707231430
./configure --disable-all --disable-cgi --enable-safe-mode
make
I login with a user account (uid:gid 2010:605)
cd /tmp/php5.2-200707231430/sapi/cli
./php test.php
The output is the following:
safe = On
uid = 0
gid = 1004
........ and then the contents of the '/etc/passwd' file.
Actually it does not matter which user is executing this script. It
always returns uid:gid as 0:1004 (even for a root user). It also does
not matter whether 'Safe Mode' is On or Off. This makes 'Safe Mode'
practically useless on the machine, as all the scripts run with root's
uid.
At first I thought that the gid 1004 is coming out of the blue, because
I do not have any groups with such id. Then I saw that the files in PHP
source tarball as well as the compiled binary in 'sapi/cli' directory
have uig:gid 1004:1004. So it would be logical to assume that all of
that is somehow related. I tried to change the uid:gid of the compiled
binary but it did not change the behaviour. I guess something goes wrong
during the compilation phase.
I cannot provide access to this machine at the moment, but I could
arrange it if really was required. Otherwise I am happy to do any other
additional testing that could be useful.
Previous Comments:
------------------------------------------------------------------------
[2007-03-21 01:00:00] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2007-03-13 20:42:40] [EMAIL PROTECTED]
Sure, but they can't be in the same directory in the same time.
------------------------------------------------------------------------
[2007-03-13 20:35:27] priappub at yahoo dot fr
The 2 versions are not working at the same time.
------------------------------------------------------------------------
[2007-03-12 09:42:31] [EMAIL PROTECTED]
Two different apaches in one server root?
How did you manage to do that?
------------------------------------------------------------------------
[2007-03-10 20:32:45] priappub at yahoo dot fr
The self-compiled apache:
[EMAIL PROTECTED] bin]# ./httpd -V
Server version: Apache/2.0.59
Server built: Feb 22 2007 00:29:21
Server's Module Magic Number: 20020903:12
Server loaded: APR 0.9.12, APR-UTIL 0.9.12
Compiled using: APR 0.9.12, APR-UTIL 0.9.12
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_FCNTL_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/apache2"
-D SUEXEC_BIN="/usr/apache2/bin/suexec"
-D DEFAULT_PIDLOG="/var/logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/40425
--
Edit this bug report at http://bugs.php.net/?id=40425&edit=1
