ID:               36297
User updated by:  smartgenius1 at yahoo dot com
Reported By:      smartgenius1 at yahoo dot com
Status:           Bogus
Bug Type:         Safe Mode/open_basedir
Operating System: Windows
PHP Version:      5.1.2
New Comment:

Sir, you must not be reading it correctly.

I have open_basedir set to ".", which should only allow functions to
access files in the current directory and under.

I am able to change the directory to an above directory with chdir();
that is NOT a file in the cwd or lower.

I can have a script working in

System/Files/script.php

with open_basedir set to "."; I cannot do

include("../anyfile.php");
file("../anyfile.php");

or any other thing that accesses the above directory...

so why can I do

chdir("../");
include("anyfile.php");

?

The chdir() function should check to make sure that the directory
argument is within the allowed paths of open_basedir, which it doesn't.

Hope this clarifies my concern.

~Sean


Previous Comments:
------------------------------------------------------------------------

[2006-02-05 20:41:55] [EMAIL PROTECTED]

What Derick said.

------------------------------------------------------------------------

[2006-02-05 20:30:45] smartgenius1 at yahoo dot com

I said I can reach UPPER LEVEL directories. (../)

Any other file system functions won't let me do that. Just chdir().

------------------------------------------------------------------------

[2006-02-05 20:29:05] [EMAIL PROTECTED]

No bug here.

------------------------------------------------------------------------

[2006-02-05 20:28:27] [EMAIL PROTECTED]

And what if you try to set it to the real path instead of "."?
I doubt that PHP is able to distinguish "." when you're in /path/1 from
"." when you're in "/another/path".

------------------------------------------------------------------------

[2006-02-05 20:27:52] [EMAIL PROTECTED]

Well.... "." is the current working directory, so of course you can read
it then...

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/36297
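
An added example, not part of the original report and not PHP's own open_basedir code: it models the point raised in the replies, that a base written as "." follows the working directory after chdir(), while a base pinned to the real path does not. The is_within() helper and the temporary directory layout are hypothetical, and the syntax assumes PHP 7 or later.

```php
<?php
// Added example, not PHP's own open_basedir code. is_within() and the
// temporary directory layout are hypothetical, constructed for this demo.

// True when $path resolves to $base itself or to something beneath it.
function is_within(string $base, string $path): bool
{
    $realBase = realpath($base);   // a relative base resolves against the cwd
    $realPath = realpath($path);
    if ($realBase === false || $realPath === false) {
        return false;              // unresolvable paths are refused
    }
    // Compare with a trailing separator so /a/b does not match /a/bc.
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realPath . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0;
}

// Constructed layout: <tmp>/System/Files/ is the script directory and
// <tmp>/System/anyfile.php is the file one level above it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'basedir_demo_' . getmypid();
mkdir($root . '/System/Files', 0700, true);
file_put_contents($root . '/System/anyfile.php', "<?php // constructed sample\n");

chdir($root . '/System/Files');
$pinned = getcwd();                // absolute base, fixed once at startup

// Before chdir(): the parent directory lies outside both bases.
var_dump(is_within('.', '../anyfile.php'));
var_dump(is_within($pinned, '../anyfile.php'));

chdir('../');                      // the working directory moves up one level

// After chdir(): "." now names the parent, the pinned base has not moved.
var_dump(is_within('.', 'anyfile.php'));
var_dump(is_within($pinned, 'anyfile.php'));

// The same check applied to the chdir() target itself, as the report asks for.
var_dump(is_within($pinned, $root . '/System'));

// Clean up the constructed files.
chdir(sys_get_temp_dir());
unlink($root . '/System/anyfile.php');
rmdir($root . '/System/Files');
rmdir($root . '/System');
rmdir($root);
```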
