From: Joerg dot Dieter dot Friedrich at uni-konstanz dot de
Operating system: Solaris 8
PHP version: 4.3.1
PHP Bug Type: *Directory/Filesystem functions
Bug description: open_basedir: strange problems
Hi!
First I know that there are a lot of different bugs concerning
open_basedir, and I read recent ones, about 20. But this is all strange.
Second: My system is a Sparc U10
Solaris 8 based.
Apache 1.3.27 and PHP4.3.1
This is my test system for out Webmailservice.
ATM there is a Horde-1.2.8/imp2.2.8 installed which is a identical copy
from our working production system. This is in docroot of the apache.
(Filesystem location: /opt/horde/htdocs/horde/imp). php.ini hase a
include_path to /opt/horde/phplib, and the auto_prepend_file statement for
phplib. open_basedir is set to
".:/opt/php4/lib/php:/opt/horde2test:/var/tmp/ldapcache:/opt/horde:/var/webmail-attachments"
We are in the transition to Horde2.2.1/imp3.1.
I installed the new system into /opt/horde2test and
made an alias in apache's httpd.conf to https://<server>/imp3test and set
via php_admin_value the prepend file to none and the include-path to
php4.3.1/pear-directory. This is all still working fine.
But we have a small and dirty hack within the old horde/imp combo which is
needed to get the userid from a ldapserver. The users have to use their
mail-alias to login, but for the connection to the imapserver the userid
is required. Our piece of code does only some ldap-queries and then tries
to store the result in a file to speed up next login.
and the code to write these small files is this:
$pfad="/tmp/ldapcache/".$buchstabe1."/".$buchstabe2;
$filename=$pfad."/".$imp['user'];
$command="mkdir -m 0700 -p ".$pfad;
exec($command);
$fd=fopen($filename,"w");
fwrite($fd,$imp['unipopid']); fwrite($fd,"\n");
fclose($fd);
In Horde1/imp2 there is no error the files are created.
In Horde2/imp3 I always get:
[19-Feb-2003 21:06:37] PHP Warning:fopen()]: open_basedir restriction in
effect. File(/tmp/ldapcache/j/f/joerg.dieter.friedrich) is not within the
allowed path(s): (.) in /opt/horde2test/htdocs/horde/imp/lib/IMP.php on
line 166
[19-Feb-2003 21:06:37] PHP Warning:
fopen(/tmp/ldapcache/j/f/joerg.dieter.friedrich): failed to create stream:
Not owner in /opt/horde2test/htdocs/horde/imp/lib/IMP.php on line 166
[19-Feb-2003 21:06:37] PHP Warning: fwrite(): supplied argument is not a
valid stream resource in /opt/horde2test/htdocs/horde/imp/lib/IMP.php on
line 167
[19-Feb-2003 21:06:37] PHP Warning: fwrite(): supplied argument is not a
valid stream resource in /opt/horde2test/htdocs/horde/imp/lib/IMP.php on
line 167
[19-Feb-2003 21:06:37] PHP Warning: fclose(): supplied argument is not a
valid stream resource in /opt/horde2test/htdocs/horde/imp/lib/IMP.php on
line 168
If I use the older horde/imp on the _same_ machine with the _same_
apache/php there is no problem the file is created.
And to be more funny: /tmp is a symlink to /var/tmp
If i change the line
$pfad="/tmp/ldapcache/".$buchstabe1."/".$buchstabe2;
to
$pfad="/var/tmp/ldapcache/".$buchstabe1."/".$buchstabe2;
everything works as expected.
And now I do not know what to do?
What can cause such strange effects?
To be honest I hesitate to go productional with such a system if I cannot
be sure that its working as it should.
Yours Joerg
--
Edit bug report at http://bugs.php.net/?id=22309&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=22309&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=22309&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=22309&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=22309&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=22309&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=22309&r=support
Expected behavior: http://bugs.php.net/fix.php?id=22309&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=22309&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=22309&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=22309&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=22309&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=22309&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=22309&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=22309&r=gnused
