ID: 31618
User updated by: kibab at icehouse dot net
Reported By: kibab at icehouse dot net
-Status: Feedback
+Status: Open
Bug Type: Filesystem function related
Operating System: redhat enterprise
PHP Version: 5CVS-2005-03-14
New Comment:

Ok, here's a new "complete" example for you.

First, we need to do some setup as this is based on permissions,
ownership, and safe mode:

cd <some directory in safe_mode_include_dir>
# note, I used cd /usr/share/pear
echo "TESTING" > commonfile.php
chmod a+r commonfile.php

Then:

$ ls -l commonfile*
-rw-rw-r-- 1 root root 8 Aug 10 10:54 commonfile.php

And, permissions on the source PHP file in use:

$ ls -l bug31618.php
-rw-rw-r-- 1 kpederson financialaid 576 Aug 10 10:50 bug31618.php

I used the following relevant settings:

$ grep -iE "safe|include" /etc/php.ini | grep -v "^;"
safe_mode = On
safe_mode_gid = On
safe_mode_include_dir = /usr/share/pear
safe_mode_exec_dir = "/usr/local/php_exe/bin"
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
include_path = ".:/usr/share/pear/:/usr/share/pear/ewu_lib:/var/lib/php_secure"
sql.safe_mode = Off

Now, grab my PHP script from the following URL:
http://www.ewu.edu/web/tools/bug31618.php.txt

Its output looks like the following (as can be seen from
http://www.ewu.edu/web/tools/bug31618.php):

is_readable: /usr/share/pear/commonfile.php (false)
TESTING

Now, if I change the ownership to root:root (as I did for
bug31618_2.php, e.g. as seen by
http://www.ewu.edu/web/tools/bug31618_2.php):

is_readable: /usr/share/pear/commonfile.php (true)
TESTING

Thus, the results are based on ownership of the calling PHP script, not
the file attempting to be read, despite being in safe_mode_include_dir.


Previous Comments:
------------------------------------------------------------------------

[2005-08-08 19:56:08] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any
external resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.

------------------------------------------------------------------------

[2005-05-19 06:14:33] kibab at icehouse dot net

From memory, all files were mode 664 and all directories had
permissions of 775 being owned by root:root. However, I no longer have
that same structure to prove that. If you like, I can set up an almost
identical test case using the code that I included below (but using my
new structure).

------------------------------------------------------------------------

[2005-05-17 17:18:48] [EMAIL PROTECTED]

What are the permissions of all the directories in that path?
(/var/lib/php_packages/)

------------------------------------------------------------------------

[2005-01-20 22:32:24] kibab at icehouse dot net

Maybe this isn't directly related, but fopen($myfilename,"r") also
fails, even though include($myfilename) works. Again, $myfilename is in
the safe_mode_include_dir, so fopen should be able to open it.

------------------------------------------------------------------------

[2005-01-19 23:05:35] kibab at icehouse dot net

Description:
------------
is_readable($myfilename) in the repro code returns true if the script
calling it is owned by root, but false if it is owned by someone else.

Permissions are:
-rw-r--r-- 1 root root 5452 Jan 13 13:02 /var/lib/php_packages/test_templ2.php
drwxr-xr-x 4 root root 4096 Jan 19 08:19 /var/lib/php_packages
drwxr-xr-x 27 root root 4096 Jan 12 09:27 /var/lib
drwxr-xr-x 24 root root 4096 Sep 22 13:06 /var
drwxr-xr-x 20 root root 4096 Oct 29 09:48 /

Relevant Settings:
include_path = ".:/var/lib/php_packages:/var/lib/php_packages/pear"
safe_mode = On
safe_mode_gid = On
safe_mode_include_dir = /var/lib/php_packages

Reproduce code:
---------------
#### test.php ###
<?php
$myfilename = '/var/lib/php_packages/test_templ2.php';
if (is_readable($myfilename)) {
    echo "is_readable: $myfilename (true)<br>";
} else {
    echo "is_readable: $myfilename (false)<br>";
}
include($myfilename);

### test_templ2.php ###
TESTING!

Expected result:
----------------
I would expect is_readable() to return true in both instances. The
uid/gid check shouldn't matter despite safe mode, as the file is in
safe_mode_include_dir, and even if it wasn't, the is_readable
documentation says that it does NOT take into account safe_mode
restrictions.

Actual result:
--------------
// When test.php has the following ownership:
$ ls -l test.php
-rw-rw-r-- 1 root root 278 Jan 19 13:16 test.php

// I get the following output:
is_readable: /var/lib/php_packages/test_templ2.php (true)
TESTING!

// When test.php has the following permissions:
$ ls -l test.php
-rw-rw-r-- 1 dschlegel79 undergradadmiss 278 Jan 19 13:16 test.php

// I get the following output:
is_readable: /var/lib/php_packages/test_templ2.php (false)
TESTING!

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=31618&edit=1
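
Added example, not part of the bug report or of PHP's own code: a diagnostic page that prints the facts the safe-mode owner check depends on (script owner, target owner, safe_mode_include_dir membership) next to what is_readable(), fopen() and include each return, so the mismatch described in the thread shows up in one run. It assumes a PHP build that still has safe mode and that $target is an absolute path without symlinks; the helper names in_safe_include_dir and include_works are illustrative.

```php
<?php
// Added diagnostic, not one of the scripts from bug #31618.
// $target is the file named in the report; change it for your own layout.
$target = '/usr/share/pear/commonfile.php';

// True when $path starts with one of the safe_mode_include_dir entries.
// PHP documents each entry as a path prefix, so a prefix match is used.
// Assumption: $path is absolute and contains no symlinks.
function in_safe_include_dir($path, $setting)
{
    if ($setting === false || $setting === '') {
        return false;
    }
    foreach (explode(PATH_SEPARATOR, $setting) as $prefix) {
        if ($prefix !== '' && strpos($path, $prefix) === 0) {
            return true;
        }
    }
    return false;
}

// include echoes the file body, so buffer it and keep only the outcome.
function include_works($path)
{
    ob_start();
    $result = @include $path;
    ob_end_clean();
    return $result !== false;
}

$fh = @fopen($target, 'r');
$report = array(
    'safe_mode'                => ini_get('safe_mode'),
    'safe_mode_gid'            => ini_get('safe_mode_gid'),
    'script owner uid:gid'     => getmyuid() . ':' . getmygid(),
    // The stat calls may themselves return false under safe mode.
    'target owner uid:gid'     => var_export(@fileowner($target), true)
                                  . ':' . var_export(@filegroup($target), true),
    'in safe_mode_include_dir' => in_safe_include_dir($target, ini_get('safe_mode_include_dir')),
    'is_readable()'            => is_readable($target),
    'fopen()'                  => $fh !== false,
    'include'                  => include_works($target),
);
if ($fh !== false) {
    fclose($fh);
}

header('Content-Type: text/plain');
foreach ($report as $label => $value) {
    echo str_pad($label, 26), var_export($value, true), "\n";
}
```

Run it once under each script ownership from the report; the case described in the thread is the one where 'in safe_mode_include_dir' and 'include' are true while 'is_readable()' or 'fopen()' is false.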
