From: liquid at haveheart dot com
Operating system: linux
PHP version: 4.3.6
PHP Bug Type: *Directory/Filesystem functions
Bug description: getgid/getuid usage
Description:
------------
in a lot of the code, php does checks using getuid or
getgid. one should actually be checking with geteuid
and getegid, especially in situations where you are
looking at getgroups.
one might look at ext/standard/filestat.c for examples
(FS_IS_W st_mode checks as an example). an example
function that is potentially affected by this is
is_writeable('filename') when combined with the User and
Group directives in apache's httpd.conf file.
--
Edit bug report at http://bugs.php.net/?id=28812&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28812&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28812&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=28812&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=28812&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=28812&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=28812&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=28812&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=28812&r=support
Expected behavior: http://bugs.php.net/fix.php?id=28812&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=28812&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=28812&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=28812&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28812&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=28812&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=28812&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=28812&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=28812&r=float
