From: bgshea at gmail dot com Operating system: Linux 2.6 PHP version: 5.0.5 PHP Bug Type: Safe Mode/open_basedir Bug description: open_basedir allows one file in dir but not others further in
Description: ------------ [Sun Nov 20 00:36:12 2005] [error] [client 68.35.85.123] PHP Warning: readfile() [<a href='function.readfile'>function.readfile</a\ >]: open_basedir restriction in effect. File(/home/bgshea/g2data/cache/module/core/0/0/0.inc) is not within the allowed path(s): (/\ mnt/sdc1/pub/www/:/usr/local/php-5.0.5/lib/:/mnt/sdc1/home/:/mnt/sdc1/pub/webfiles/) in /mnt/sdc1/home/bgshea/webpage/fopen.php on \ line 12, referer: http://www.hackthebox.org/~bgshea/ NOTE: /home is a symlink to /mnt/sdc1/home This is my first bug report, so if this does not post right, I'm sorry. BTW: I've spent 5 hours trying to fix this, looked at all bugs related to open_basedir and could not figure this out. Reproduce code: --------------- //Test a file open under /home/ works $file=fopen("/home/bgshea/webpage/info.php", "r" ); fclose( $file ); //test a file read under /home/bgshea/g2data, works readfile( "/home/bgshea/g2data/install.log" ); //This should work, but fails. Why? no symlinks here. readfile("/home/bgshea/g2data/cache/module/core/0/0/0.inc"); open_basedir was set in httpd.conf to be /mnt/sdc1/pub/www/:/usr/local/php-5.0.5/lib/:/mnt/sdc1/home/:/mnt/sdc1/pub/webfiles/ Expected result: ---------------- /home/bgshea/g2data/cache/module/core/0/0/0.inc file should be opened Actual result: -------------- Error message reported in log file, php script is terminated -- Edit bug report at http://bugs.php.net/?id=35301&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=35301&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=35301&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=35301&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=35301&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=35301&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=35301&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=35301&r=needscript Try newer version: http://bugs.php.net/fix.php?id=35301&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=35301&r=support Expected behavior: http://bugs.php.net/fix.php?id=35301&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=35301&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=35301&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=35301&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=35301&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=35301&r=dst IIS Stability: http://bugs.php.net/fix.php?id=35301&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=35301&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=35301&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=35301&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=35301&r=mysqlcfg
