ID: 33215 Updated by: [EMAIL PROTECTED] Reported By: soenke at city-map dot de -Status: Open +Status: Feedback Bug Type: Safe Mode/open_basedir Operating System: FC2/3 PHP Version: 4CVS-2005-06-01 (stable) New Comment:
Have you tried by using the Fedora provided Apache2 (the binary rpm)?? As I can NOT reproduce this with it. Previous Comments: ------------------------------------------------------------------------ [2005-06-01 23:01:20] soenke at city-map dot de Description: ------------ I discovered the strange behaviour of PHP4 that the open_basedir settings of several vhosts are leaking between each other. PHP configure line: './configure' \ '--with-apxs2=/usr/sbin/apxs' \ '--prefix=/usr' \ '--with-mysql=/usr' \ '--enable-safe-mode' \ '--enable-trans-sid' \ '--with-jpeg-dir=/usr' \ '--with-gd' \ '--with-zlib-dir=/usr' \ '--with-freetype-dir=/usr' \ Apache line: "./configure" \ "--enable-layout=RedHat" \ "--enable-mods-shared=most" \ "--enable-module=ssl" \ "--enable-ssl" \ "--with-ssl=/usr" \ "--enable-so" \ It's a mass-hosting Apache 2.0.54 server with many vhosts running the confixx tool. Here an example of 2 vhosts (generated by confixx): <VirtualHost xxx:80> ServerName xxx.de ServerAlias xxxx DocumentRoot /usr/local/httpd/htdocs/web405/html SuexecUserGroup web405 web405 php_admin_value open_basedir /usr/local/httpd/htdocs/web405/html/:/usr/local/httpd/htdocs/web405/phptmp/:/usr/local/httpd/htdocs/web405/files/:/usr/local/httpd/htdocs/web405/atd/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /usr/local/httpd/htdocs/web405/phptmp/ </VirtualHost> <VirtualHost xxx:80> ServerName xxx ServerAlias xxx DocumentRoot /usr/local/httpd/htdocs/web309/html SuexecUserGroup web309 web309 php_admin_value open_basedir /usr/local/httpd/htdocs/web309/html/:/usr/local/httpd/htdocs/web309/phptmp/:/usr/local/httpd/htdocs/web309/files/:/usr/local/httpd/htdocs/web309/atd/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /usr/local/httpd/htdocs/web309/phptmp/ <Directory "/usr/local/httpd/htdocs/web309/html/rsh"> Options FollowSymLinks SymLinksIfOwnerMatch </Directory> </VirtualHost> The /usr/local/httpd/htdocs path is a real directory, no symlinks. Now I open one of these virtual hosts via web-browser. That works. But if I try to open the second vhost: Warning: Unknown(): open_basedir restriction in effect. File(/usr/local/httpd/htdocs/web405/html/index.php) is not within the allowed path(s): (/usr/local/httpd/htdocs/web309/html/:/usr/local/httpd/htdocs/web309/phptmp/:/usr/local/httpd/htdocs/web309/files/:/usr/local/httpd/htdocs/web309/atd/) in Unknown on line 0 Warning: Unknown(/usr/local/httpd/htdocs/web405/html/index.php): failed to open stream: Operation not permitted in Unknown on line 0 Warning: (null)(): Failed opening '/usr/local/httpd/htdocs/web405/html/index.php' for inclusion (include_path='.') in Unknown on line 0 The second vhost uses the open_basedir settings from the first one. That's really strange. I tested this with PHP4.3.10/11 and the latest CVS snapshot. I upgraded the Fedora distribution and recompiled Apache+PHP. No success. Now I really didn't know what to do any more and so opened this bug report. If you need more information or debugging it's no problem since it's no production system yet. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33215&edit=1
