ID: 38799
Updated by: [EMAIL PROTECTED]
Reported By: chrysalis at chrysalisnet dot org
-Status: Open
+Status: Feedback
Bug Type: PHP options/info functions
Operating System: freebsd 6.x and 5.x
PHP Version: 4.4.4
New Comment:
What if you set it in php.ini instead of httpd.conf?
Previous Comments:
------------------------------------------------------------------------
[2006-09-13 19:58:08] chrysalis at chrysalisnet dot org
ok here is info your requested
include("/etc/passwd"); is the exact line I used in the php file, this
generates the following in the apache error_log for the vhost.
[Wed Sep 13 20:51:48 2006] [error] PHP Warning: main() [<a
href='function.main'>function.main</a>]: open_basedir restriction in
effect. File(/etc/passwd) is not within the allowed path(s):
(/home/chrysalis/:/tmp/:/var/www/:/var/uebimiau:/usr/local/lib/php/:/etc/virtual/:/usr/uebimiau)
in /home/chrysalis/domains/chrysalisnet.org/public_html/exploit.php on
line 17
[Wed Sep 13 20:51:48 2006] [error] PHP Warning: main(/etc/passwd) [<a
href='function.main'>function.main</a>]: failed to open stream:
Operation not permitted in
/home/chrysalis/domains/chrysalisnet.org/public_html/exploit.php on
line 17
this indicates to me open_basedir is in effect as its generating the
correct log entry but then the /etc/passwd is displayed in the browser
window.
in phpinfo I get the following data for open_basedir local value.
open_basedir
/home/chrysalis/:/tmp/:/var/www/:/var/uebimiau:/usr/local/lib/php/:/etc/virtual/:/usr/uebimiau
master value is the same with 1 extra dir /etc/awstats
url temporarily up for your conveniance
http://www.chrysalisnet.org/phpinfo.php
the master value is set in php.ini the local value is set in a vhost
container in httpd.conf using "php_admin_value open_basedir"
I checked the exact same script on php 5.1.5 which has the same php
settings other then php 5 specific settings and works as it should, I
am about to try with php 4.4.3 to see if that has the same behaviour.
------------------------------------------------------------------------
[2006-09-13 19:36:33] [EMAIL PROTECTED]
What you said is just "include "/etc/passwd" displays the contents of
this file".
Why do you think open_basedir is even set? What is the value? Where did
you set it? How did you set it? What is the value in phpinfo()? Did you
check it with other files?
I'll add more questions afterwards.
------------------------------------------------------------------------
[2006-09-13 19:02:46] chrysalis at chrysalisnet dot org
what other information do you need? its a very simple bug and easy to
test, the only think I havent done that is on the how to report page is
tested the cvs version. when I submitted the report I was told to add a
'brief' description of the problem so for that reason it wasnt detailed,
then I was asked to provide the code that you can test with also
provided and finally the php version and os version both supplied.
apache version is 1.3.37
php reccomended ini file used changes were open base dir and zone
optimiser and eaccelerator, however tried with both zend optimiser and
eaccelerator and the behaviour remained.
mysql version 4.1.x but this is just basic php code no database
involved.
------------------------------------------------------------------------
[2006-09-13 08:02:35] [EMAIL PROTECTED]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php
If you can provide more information, feel free to add it
to this bug and change the status back to "Open".
Thank you for your interest in PHP.
------------------------------------------------------------------------
[2006-09-13 01:16:30] chrysalis at chrysalisnet dot org
Description:
------------
open_basedir is not working on include eg. include("/etc/passwd");,
displays the appropriate denied in error log but doesnt actually block
the code and can access files outside of open_basedir.
Reproduce code:
---------------
<?
include("/etc/passwd");
?>
Expected result:
----------------
a blank page as what happens on php 5.1.5
Actual result:
--------------
it displays the full contents of the /etc/passwd file.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=38799&edit=1
