ID: 15018 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Closed Bug Type: Filesystem function related Operating System: Debian Linux PHP Version: 4.3.0-RC2 New Comment:
This bug has been fixed in CVS. In case this was a PHP problem, snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. In case this was a documentation problem, the fix will show up soon at http://www.php.net/manual/. In case this was a PHP.net website problem, the change will show up on the PHP.net site and on the mirror sites in short time. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2002-12-04 12:04:07] [EMAIL PROTECTED] With: safe_mode = On safe_mode_gid = On The code below can browse any directory/file on the system. This mentions openbase_dir but one (at least I) would think Safe Mode would have more power. Safe mode is strict in some regards but super loose in others it seems. In the very least please explain this a bit so it can be documented. And btw, the following is in the _php_do_opendir code but what does it do? dirp = php_stream_opendir(Z_STRVAL_PP(arg), ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL); Also AFICT this was suppose to be fixed: http://marc.theaimsgroup.com/?l=php-dev&m=101518887024304 ------------------------------------------------------------------------ [2002-01-14 10:27:42] [EMAIL PROTECTED] Danielsan is right... i have had a short look into the sourcecode (ext/standard/dir.c) and compared chdir-function with opendir-function. In PHP_FUNCTION(chdir) i found this three-liner which seems to be a safe_mode-Check: ------------------------- if (PG(safe_mode) && !php_checkuid((*arg)->value.str.val, NULL, CHECKUI$ RETURN_FALSE; } ------------------------- PHP_FUNCTION(opendir) (or _php_do_opendir() to which this function refers) does not have such a check, just a short open_basedir-Check. Oh, btw, it seems for me that chdir doesn't do a open_basedir-Check but i may be wrong. cu, Roland PS: All what i said is just 'imho' and 'afaik' because i do not have many expiences with C! ------------------------------------------------------------------------ [2002-01-14 08:55:06] [EMAIL PROTECTED] i did not test it, but 'looking at the source code' (TM) seems you need to use open_basedir to limit opendir() directory range. ------------------------------------------------------------------------ [2002-01-14 08:25:55] [EMAIL PROTECTED] On the same system (=same configuration) chdir() IS limited by safe_mode, opendir() are readdir() are NOT. This is either a bug, or if it isn't, I'll make it a feature request. Either way, it should be fixed, I think. Kind Regards, Daniel Lorch ------------------------------------------------------------------------ [2002-01-13 15:31:47] [EMAIL PROTECTED] Sorry for the bogus. Would you care to elaborate? I seem to be misunderstanding something. I just don't understand why - with the same configuration - chdir() cares about the UID, and opendir/readdir don't. chdir raises a "SAFE MODE Restriction in effect" whereas readdir() and opendir() let me browse through all directories where I have apache allowed to. Thanks for your help. Kind Regards, Daniel Lorch ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/15018 -- Edit this bug report at http://bugs.php.net/?id=15018&edit=1
