ID: 20054
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Scripting Engine problem
Operating System: Linux - Redhat 7.3
PHP Version: 4.3.0-dev
New Comment:
I've got Apache 2 and PHP 4.3.0-dev on Red Hat 7.2 with /usr/share/pear
in safe_mode_include_dir and I get "SAFE MODE Restriction in effect.
The script whose uid is 502 is not allowed to access
/usr/share/pear/Mail.php owned by uid 0" etc., with 'require_once(
"Mail.php" );' and 'require( "Mail.php" );' and ��'include( "Mail.php"
);' and 'include( "/usr/share/pear/Mail.php" );' and every other
variation I can think to try.
Previous Comments:
------------------------------------------------------------------------
[2002-10-30 11:37:56] [EMAIL PROTECTED]
The current implementation of safe_mode_include_dir only allows
require/include functions to bypass safe_mode. I've began a discussion
on php-dev on whether or not this should be expanded to include other
file operations. If you have an opinion on the matter, make it known
there (php-dev).
------------------------------------------------------------------------
[2002-10-24 12:17:37] [EMAIL PROTECTED]
Correct version (user tried with snapshot too..)
------------------------------------------------------------------------
[2002-10-24 02:49:22] [EMAIL PROTECTED]
This is possibly related to Bug #17858.
We've got Apache2 on Redhat 7.3, with safemode in php enabled. We
have safe_mode_gid set to on as well. The safe_mode include directory
is set as follows:
safe_mode_include_dir = "/home/staff/ryan/WWW"
I've then got the test script:
<?php
if ($dir = opendir("/home/staff/ryan/WWW"))
{while (($file = readdir($dir)) !== false) {
echo "$file\n";
}
closedir($dir);
} else {
echo "FAILED";
}
?>
That script has the following ownership permissions:
-rw-r--r-- 1 web nobody 229 Oct 24 15:31 test2.php
And /home/staff/ryan/WWW is:
drwxr-xr-x 5 ryan staff 4096 Oct 21 17:30 WWW
Calling the script displays "FAILED" on the browser and causes
the two following errors in the error log:
PHP Warning: opendir() [<a
href='http://www.php.net/function.opendir'>function.opendir</a>]: SAFE
MODE Restriction in effect. The script whose uid/gid is 89/99 is not
allowed to access /home/staff/ryan/WWW/ owned by uid/gid 270/110 in
/home/www/DOCS/phptest/test2.php on line 3
PHP Warning: opendir(/home/staff/ryan/WWW/) [<a
href='http://www.php.net/function.opendir'>function.opendir</a>]:
failed to open dir: Inappropriate ioctl for device in
/home/www/DOCS/phptest/test2.php on line 3
Changing the ownership permissions to the same user and/or group
causes the script to execute fine, displaying the contents with no
problems or errors.
It would appear that the safe_mode_include_dir value is not being
used, but I'm also open to the suggesion that I've stuffed up somewhere
else.
For the record, I originally started having problems with 4.2.2
(user and group returned as -1) this was fixed upgrading to 4.3.0-pre1,
but then the include_dir still had problems. I've tested it with
today's snapshot (php4-200210232100) and still have the same problem.
My config options looks like :
./configure --with-mysql=/usr/local/mysql --with-openssl --with-xml
--enable-track-vars --enable-force-cgi-redirect --enable-versioning
--with-apxs2=/usr/local/httpd/bin/apxs --with-zlib --enable-ftp
--enable-sockets --with-gettext --with-imap=/usr/local/imap
--with-imap-ssl
Ummm, help?
Cheers,
Ryan.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20054&edit=1
