ID: 38799
User updated by: chrysalis at chrysalisnet dot org
Reported By: chrysalis at chrysalisnet dot org
-Status: Feedback
+Status: Open
Bug Type: PHP options/info functions
Operating System: freebsd 6.x and 5.x
PHP Version: 4.4.4
New Comment:
ok the modules are now disabled, its already set in php.ini I believed
this is just for the master value?
Or do you want it completely removed from the vhost container so there
is only a master value?
Previous Comments:
------------------------------------------------------------------------
[2006-09-13 20:08:37] [EMAIL PROTECTED]
And please disable (temporarily) eAccelerator and all other modules
which affect PHP functionality.
------------------------------------------------------------------------
[2006-09-13 20:07:28] [EMAIL PROTECTED]
What if you set it in php.ini instead of httpd.conf?
------------------------------------------------------------------------
[2006-09-13 19:58:08] chrysalis at chrysalisnet dot org
ok here is info your requested
include("/etc/passwd"); is the exact line I used in the php file, this
generates the following in the apache error_log for the vhost.
[Wed Sep 13 20:51:48 2006] [error] PHP Warning: main() [<a
href='function.main'>function.main</a>]: open_basedir restriction in
effect. File(/etc/passwd) is not within the allowed path(s):
(/home/chrysalis/:/tmp/:/var/www/:/var/uebimiau:/usr/local/lib/php/:/etc/virtual/:/usr/uebimiau)
in /home/chrysalis/domains/chrysalisnet.org/public_html/exploit.php on
line 17
[Wed Sep 13 20:51:48 2006] [error] PHP Warning: main(/etc/passwd) [<a
href='function.main'>function.main</a>]: failed to open stream:
Operation not permitted in
/home/chrysalis/domains/chrysalisnet.org/public_html/exploit.php on
line 17
this indicates to me open_basedir is in effect as its generating the
correct log entry but then the /etc/passwd is displayed in the browser
window.
in phpinfo I get the following data for open_basedir local value.
open_basedir
/home/chrysalis/:/tmp/:/var/www/:/var/uebimiau:/usr/local/lib/php/:/etc/virtual/:/usr/uebimiau
master value is the same with 1 extra dir /etc/awstats
url temporarily up for your conveniance
http://www.chrysalisnet.org/phpinfo.php
the master value is set in php.ini the local value is set in a vhost
container in httpd.conf using "php_admin_value open_basedir"
I checked the exact same script on php 5.1.5 which has the same php
settings other then php 5 specific settings and works as it should, I
am about to try with php 4.4.3 to see if that has the same behaviour.
------------------------------------------------------------------------
[2006-09-13 19:36:33] [EMAIL PROTECTED]
What you said is just "include "/etc/passwd" displays the contents of
this file".
Why do you think open_basedir is even set? What is the value? Where did
you set it? How did you set it? What is the value in phpinfo()? Did you
check it with other files?
I'll add more questions afterwards.
------------------------------------------------------------------------
[2006-09-13 19:02:46] chrysalis at chrysalisnet dot org
what other information do you need? its a very simple bug and easy to
test, the only think I havent done that is on the how to report page is
tested the cvs version. when I submitted the report I was told to add a
'brief' description of the problem so for that reason it wasnt detailed,
then I was asked to provide the code that you can test with also
provided and finally the php version and os version both supplied.
apache version is 1.3.37
php reccomended ini file used changes were open base dir and zone
optimiser and eaccelerator, however tried with both zend optimiser and
eaccelerator and the behaviour remained.
mysql version 4.1.x but this is just basic php code no database
involved.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/38799
--
Edit this bug report at http://bugs.php.net/?id=38799&edit=1
