Bug #53514 [Opn]: open_basedir broken in PHP 5.3.15, denies all access to files

Fri, 10 Dec 2010 00:33:43 -0800 

Edit report at http://bugs.php.net/bug.php?id=53514&edit=1

 ID:                 53514
 Updated by:         cataphr...@php.net
 Reported by:        tomsom...@php.net
 Summary:            open_basedir broken in PHP 5.3.15, denies all access
                     to files
 Status:             Open
 Type:               Bug
 Package:            Safe Mode/open_basedir
 Operating System:   Linux
 PHP Version:        5.2.15
 Block user comment: N
 Private report:     N

 New Comment:

See also
http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg847440.html


Previous Comments:
------------------------------------------------------------------------
[2010-12-10 09:26:02] tomsom...@php.net

The commit that presumably broke it:
http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824

------------------------------------------------------------------------
[2010-12-10 09:24:39] tomsom...@php.net

Description:
------------
The fix for CVE-2010-3436 broke open_basedir



Might also affect PHP 5.3.4



consider



    php_admin_value open_basedir
"/var/www/www.example.dk/:/var/www/tmp/:/usr/local/bin/safe/"



The DocumentRoot of the site is "/var/www/www.example.dk/www/"



Opening /var/www/www.example.dk/www/index.php
(http://example.dk/index.php) triggers:



Warning: Unknown: open_basedir restriction in effect.
File(/var/www/www.example.dk/www/index.php) is not within the allowed
path(s): (/var/www/www.example.dk/:/var/www/tmp/:/usr/local/bin/safe/)
in Unknown on line 0



Warning: Unknown: failed to open stream: Operation not permitted in
Unknown on line 0



Warning: Unknown: open_basedir restriction in effect.
File(/var/www/www.example.dk/www/index.php) is not within the allowed
path(s): (/var/www/www.example.dk/:/var/www/tmp/:/usr/local/bin/safe/)
in Unknown on line 0



Warning: Unknown: failed to open stream: Operation not permitted in
Unknown on line 0



Fatal error: Unknown: Failed opening required
'/var/www/www.example.dk/www/index.php'
(include_path='.:/usr/local/lib/php') in Unknown on line 0





------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53514&edit=1

Reply via email to