#34050 [Opn->Fbk]: safe_mode_include_dir isn't honored

Thu, 11 Aug 2005 15:32:08 -0700 

 ID:               34050
 Updated by:       [EMAIL PROTECTED]
 Reported By:      wolfram at schlich dot org
-Status:           Open
+Status:           Feedback
 Bug Type:         Safe Mode/open_basedir
 Operating System: Linux 2.6.12-gentoo-r4 x86_64
 PHP Version:      5CVS-2005-08-09 (dev)
 New Comment:

Can't reproduce.
Make sure that /usr/lib/php/Smarty (or any of it's parent dirs) is not
a symbolic link. 


Previous Comments:
------------------------------------------------------------------------

[2005-08-09 18:16:23] wolfram at schlich dot org

then the comment above safe_mode_include_dir is silly:

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)

it says "UID/GID checks are bypassed", so why should I enable
safe_mod_gid then?

I even tried that, result:
--8<--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid/gid is 667/888 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid/gid 0/0 in
/home/wschlich/public_html/smartytest/class.MySmarty.inc.php on line
27
--8<--

------------------------------------------------------------------------

[2005-08-09 18:09:19] [EMAIL PROTECTED]

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.


------------------------------------------------------------------------

[2005-08-09 16:56:52] wolfram at schlich dot org

Description:
------------
when safe_mode is active, I want to be able to include files from
certain directories without checking for their UID/GID.

Reproduce code:
---------------
--8<--[ php.ini ]--8<--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = "/usr/share/php/:/usr/lib/php/"
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8<--[ apache vhost config ]--8<--
php_value include_path ".:/usr/share/php:/usr/lib/php"
--8<--[ sample php script ]--8<--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8<--

Expected result:
----------------
included file, no error message.

Actual result:
--------------
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=34050&edit=1

Reply via email to