[PHP-BUG] Bug #53514 [NEW]: open_basedir broken in PHP 5.3.15, denies all access to files

Fri, 10 Dec 2010 00:24:58 -0800 

From:             tomsommer
Operating system: Linux
PHP version:      5.2.15
Package:          Safe Mode/open_basedir
Bug Type:         Bug
Bug description:open_basedir broken in PHP 5.3.15, denies all access to files

Description:
------------
The fix for CVE-2010-3436 broke open_basedir



Might also affect PHP 5.3.4



consider



    php_admin_value open_basedir
"/var/www/www.example.dk/:/var/www/tmp/:/usr/local/bin/safe/"



The DocumentRoot of the site is "/var/www/www.example.dk/www/"



Opening /var/www/www.example.dk/www/index.php (http://example.dk/index.php)
triggers:



Warning: Unknown: open_basedir restriction in effect.
File(/var/www/www.example.dk/www/index.php) is not within the allowed
path(s): (/var/www/www.example.dk/:/var/www/tmp/:/usr/local/bin/safe/) in
Unknown on line 0



Warning: Unknown: failed to open stream: Operation not permitted in Unknown
on line 0



Warning: Unknown: open_basedir restriction in effect.
File(/var/www/www.example.dk/www/index.php) is not within the allowed
path(s): (/var/www/www.example.dk/:/var/www/tmp/:/usr/local/bin/safe/) in
Unknown on line 0



Warning: Unknown: failed to open stream: Operation not permitted in Unknown
on line 0



Fatal error: Unknown: Failed opening required
'/var/www/www.example.dk/www/index.php'
(include_path='.:/usr/local/lib/php') in Unknown on line 0




-- 
Edit bug report at http://bugs.php.net/bug.php?id=53514&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=53514&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=53514&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=53514&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=53514&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=53514&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=53514&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=53514&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=53514&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=53514&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=53514&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=53514&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=53514&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=53514&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=53514&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=53514&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=53514&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=53514&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=53514&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=53514&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=53514&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=53514&r=mysqlcfg

Reply via email to