ID:               19292
Updated by:       [EMAIL PROTECTED]
Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Critical
Bug Type:         Apache related
Operating System: linux
PHP Version:      4.3.0-dev,4.2.3

Previous Comments:
------------------------------------------------------------------------

[2002-10-31 04:17:18] [EMAIL PROTECTED]

Can you mark this critical?

------------------------------------------------------------------------

[2002-10-30 00:56:28] [EMAIL PROTECTED]

I also have this problem, in both Solaris 8 and Linux Mandrake with Apache 1.2.27 with PHP 4.2.2, 4.2.3 and also 4.3.0r2.

In all cases the following example does not work and php complains about open_basedir restriction in all but in 4.3.0r2, where the example does not work and no warning or error message is issued.

You can reproduce this situation with 3 php scripts with safe_mode on:

/usr/local/http-docs/common/scripts/test.php
--------------
<?php
include("test/test.php");
?>

/usr/local/http-docs/common/lib/test/test.php
-------------
<?php
phpinfo();
echo "hello";
include("hello.php");
?>

/usr/local/http-docs/common/lib/test/hello.php
-------------
<?php
echo "hello world";
?>

Apache configuration to reproduce the situation
--------------
<Directory "/usr/local/http-docs/common/lib/">
    Options none
    AllowOverride None
    Order allow,deny
    Deny from all
</Directory>

Alias /scripts/ "/usr/local/http-docs/common/scripts/"
<Directory "/usr/local/http-docs/common/scripts/">
    Options none
    AllowOverride None
    Order allow,deny
    Allow from all
    php_admin_value open_basedir /usr/local/http-docs/common/scripts/:/usr/local/http-docs/common/lib
</Directory>

<VirtualHost 192.168.0.3>
    ServerName 192.168.0.3
    DocumentRoot /usr/local/http-docs/test
    php_admin_value open_basedir /usr/local/http-docs/test:/usr/local/http-docs/common/lib:/var/tmp:/usr/local/lib/php
    php_admin_value doc_root /usr/local/http-docs/test
</VirtualHost>

To reproduce the error just go to http://192.168.0.3/scripts/test.php

Although phpinfo() on /usr/local/http-docs/common/lib/test/test.php shows that open_basedir includes /usr/local/http-docs/common/lib, php fails to open hello.php.

------------------------------------------------------------------------

[2002-10-24 10:32:15] [EMAIL PROTECTED]

Looks like this bug is more serious than I thought. With my workaround I now randomly get:

[24-Oct-2002 17:18:04] PHP Warning: Failed opening '/include/banner.php' for inclusion (include_path='.') in /www/doc/www.aaa.ch-80/wrapper.php on line 45
[24-Oct-2002 17:18:04] PHP Warning: Failed opening '/include/services_2nd.inc' for inclusion (include_path='.') in /www/doc/www.aaa.ch-80/wrapper.php on line 132

It really looks into the wrong dirs. zend_get_executed_filename(TSRMLS_C) and path are not always the same. Maybe this is an off-by-one error somewhere?

Martin

------------------------------------------------------------------------

[2002-10-24 05:05:47] [EMAIL PROTECTED]

Heh, now the opposite happens:

[24-Oct-2002 11:55:45] PHP Warning: open_basedir: File should be in /www/doc/www.customer.ch-80, but is in /www/doc/www.customer.org-80/photos/index.php file (/www/doc/www.aaa.ch-80/formmail.php) in Unknown on line 0

I have now added both cases. Works so far :P but doesn't solve the real problem.

http://people.freebsd.org/~mbr/patches/fopen_wrappers.c.diff

------------------------------------------------------------------------

[2002-10-24 04:26:38] [EMAIL PROTECTED]

I'm using this workaround for now. It solves the problem:

--- main/fopen_wrappers.c.orig Wed Oct 23 11:49:40 2002 +++ main/fopen_wrappers.c Thu Oct 24 11:22:18 2002 @@ -189,10 +189,12 @@ /* Only check when open_basedir is available */ if (PG(open_basedir) && *PG(open_basedir)) { char *pathbuf; + char *newpath; char *ptr; char *end; pathbuf = estrdup(PG(open_basedir)); + newpath = estrdup(zend_get_executed_filename(TSRMLS_C)); ptr = pathbuf; 
@@ -203,15 +205,18 @@ end++; } - if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) { + if (php_check_specific_open_basedir(ptr, newpath TSRMLS_CC) == 0) { efree(pathbuf); + efree(newpath); return 0; } ptr = end; } - php_error(E_WARNING, "open_basedir restriction in effect. File is in wrong directory"); + php_error(E_WARNING, "open_basedir: File should be in %s, but is in %s file (%s)", + pathbuf, path, newpath); efree(pathbuf); + efree(newpath); errno = EPERM; /* we deny permission to open it */ return -1; } @@ -226,8 +231,8 @@ PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) { /* Only check when safe_mode on and safe_mode_include_dir is available */ - if (PG(safe_mode) && PG(safe_mode_include_dir) && - *PG(safe_mode_include_dir)) + if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) + && PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) { char *pathbuf; char *ptr; @@ -268,7 +273,7 @@ } /* Nothing to check... */ - return -1; + return 0; } /* }}} */ ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/19292 -- Edit this bug report at http://bugs.php.net/?id=19292&edit=1
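
Review bot: in the @@ -189,10 +189,12 @@ hunk, newpath is a misleading name for a copy of zend_get_executed_filename(): it holds the script that is currently executing, not anything derived from the path argument. Rename it (for example executed_file) and add a comment explaining why the running script is captured in a check whose warning is about the file being opened. The estrdup() also runs on every call that reaches this block, so every exit path below it has to efree() the copy.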
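
Review bot: the call in the @@ -203,15 +205,18 @@ hunk passes newpath (the executing script) to php_check_specific_open_basedir() where it used to pass path, so the file actually being opened is no longer compared against open_basedir at all. A script that itself lives under an allowed directory would pass this check for whatever path it asks for, which removes the restriction instead of fixing the lookup. Keep path as the value being checked and track down why it resolves against the wrong directory. The new warning also prints pathbuf together with both full paths, so confirm that exposing the configured open_basedir in a warning is acceptable where warnings reach page output.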
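
Review bot: the comment above the condition in the @@ -226,8 +231,8 @@ hunk still reads "Only check when safe_mode on and safe_mode_include_dir is available", but the new condition also enters the block when open_basedir is set and safe_mode is off. That makes safe_mode_include_dir take effect in open_basedir-only configurations, a behaviour change for a directive whose name and comment tie it to safe_mode. Update the comment and document the new interaction, or keep PG(safe_mode) as a requirement.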
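
Review bot: changing the fall-through after "Nothing to check..." in the @@ -268,7 +273,7 @@ hunk from return -1 to return 0 makes php_check_safe_mode_include_dir() report success when no include dir is configured. In the open_basedir check earlier in this patch, return 0 follows a successful match and return -1 follows the warning and errno = EPERM; if the same convention holds here, this is a fail-open default, and any caller that skips further checks on 0 will do so whenever safe_mode_include_dir is unset. Keep -1 unless every caller has been audited, and state the return convention in the function comment.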