ID: 43819
User updated by: fxbois at gmail dot com
Reported By: fxbois at gmail dot com
Status: Open
Bug Type: Session related
Operating System: RHEL3
PHP Version: 5.2.5
New Comment:
It is so strange that such a big security issue is not dealt serioulsy
by a core php developer.
Manuel thanx for your patch.
Previous Comments:
------------------------------------------------------------------------
[2008-02-05 13:17:24] manuel at mausz dot at
Same as Bug 43677 :)
------------------------------------------------------------------------
[2008-02-05 08:44:20] fxbois at gmail dot com
I must confess that I changed all my servers because, as I said it was
a serious security problem for me, and I had no feedback.
The configuration I used to have was :
1/ session.save_path in the php.ini
2/ php_admin_value session.save_path in the virtualhost
3/ use off the function session_save_path() in a script. The script is
loaded for every action but set a different path according to the URI.
------------------------------------------------------------------------
[2008-02-05 00:26:06] [EMAIL PROTECTED]
Are you by any chance using php_admin_value / php_value anywhere in
your httpd.conf / .htaccess files? And if so, are you using those to
set different session.save_path?
------------------------------------------------------------------------
[2008-01-12 17:49:05] fxbois at gmail dot com
I have in my php.ini file the value :
session.save_path = "/tmp"
When I try to change this value in a php script with
session_save_path()
the new value is not kept and the session.save_path still contains
"/tmp".
session_save_path("2;0777;web/tmp");
error_log(session_save_path());
// /tmp appears instead of 2;0777;web/tmp
What is strange is that this bad behaviour only appears a few minutes
after an apache restart.
I tried many night build (5.2.6) with no success. I am sure that this
behaviour appeared with 5.2.5.
I can try patches if you want.
Hope this new comment will help. This bug is very very annoying on a
shared server.
tia
------------------------------------------------------------------------
[2008-01-11 14:14:01] fxbois at gmail dot com
Description:
------------
Hi,
I want to report that PHP 5.2.5 loose the local session.save_path. I
set it with session_save_path() but just after, when I look at its
value, it contains the master value instead of the value just setted.
This happens after a short period of time. (Just after restrating
apache everything works fine).
It is a big security problem in my opinion.
System :
- Red Hat Enterprise Linux ES release 3 (Taroon Update 8)
- PHP 5.2.5
- Apache/2.0.46
Reproduce code:
---------------
// master value is /home/.tmp
$new = '2;0777;web/tmp';
session_save_path($new);
echo session_save_path();
Expected result:
----------------
2;0777;web/tmp
Actual result:
--------------
/home/.tmp
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=43819&edit=1
