ID: 38670 Comment by: marcel dot prisi at virtua dot ch Reported By: serokka at hrn dot ru Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.10 PHP Version: 4.4.4 New Comment:
I got the exact same problem on a FreeBSD-5.5 / Apache-2.0.59 / php-4.4.6 (all from ports) Adding a trailing slash to session.save_path didn't help, I had to comment it from the virtualhost config in order to have the error go away. Quite serious I think ... Previous Comments: ------------------------------------------------------------------------ [2007-03-14 13:02:05] david dot guenault at gmail dot com update my precedent post : if you simply add a trailing slash to session.save_path this will discard the problem. here is why : in safe_mode.c in the function php_checkuid_ex when mode argument is CHECKUID_ALLOW_ONLY_DIR at line 119 s = strrchr(filename, DEFAULT_SLASH); returns a pointer to the last occurrence of the character / in the string filename. if your path is like this /data1sys/phpsession the pointer is on the second slash not at the end of the path. The uid/gid check is made on the parent folder (/data1sys) not the real folder (/data1sys/phpsession). So when /data1sys is owned by a user that is different from the user running apache, the test fail. ------------------------------------------------------------------------ [2007-03-14 10:14:18] david dot guenault at gmail dot com first of all this is my environment >SLES 10 >Apache 2.0.59 >Php 4.4.6 I use virtual host to configure my different web sites like this <VirtualHost *:80> DocumentRoot /data1user/apache/domain.tld ServerName www.domain.tld ErrorLog /data1sys/journaux/apache/domain/error_log CustomLog /data1sys/journaux/apache/domain/access_log combined # specific php configuration for this virtual host php_admin_value doc_root /data1user/apache/domain.tld php_admin_value session.save_path /data1sys/phpsession_domain.tld php_admin_value file_uploads on php_admin_value upload_tmp_dir /data1sys/phpupload_domain.tld php_admin_value error_log /data1sys/journaux/apache/testphp/php_domain.tld.log </VirtualHost> I've noticied one interesting thing. before the error occure i check session.save_path => ok this is the right directory. When the error occure session.save_path back to the default value (aka /tmp). apache is running as user usrhttpd and group grphttpd. The top level directory for storing session is /data1sys and is owned by user root and group root. The directory used to store sessions is phpsession_domain.tld under /data1sys and is owned by usrhttpd:grphttpd. If i change /datasys group to grphttpd the error disapear. If i remove the directive php_admin_value session.save_path /data1sys/phpsession_domain.tld. from my vhost then all is going right. hope this help. ------------------------------------------------------------------------ [2007-03-09 07:18:31] mspado at hotmail dot com Forgot to say: A common thread to issues with this bug has been the use of 'php_admin_value upload_tmp_dir /xxx/xxx/xxx/tmp' M. ------------------------------------------------------------------------ [2007-03-09 07:10:51] mspado at hotmail dot com Hi, We've experienced this issue numerous times since rolling out Apache2 (2.2.3) with PHP 4 (4.4.2 - yes only 4.4.2 because of http://bugs.php.net/bug.php?id=40514) last week. Example error 1: Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 0/0 is not allowed to access /home/xx/xxx/xxxdomain.net/tmp owned by uid/gid 306628/100 in Unknown on line 0 Example error 2: The XML page cannot be displayed Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later. -------------------------------------------------------------------------------- Only one top level element is allowed in an XML document. Error processing resource 'http://www.xxdomain.org/'. ... <b>Warning</b>: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 0/0 is not allowed to ... (cut off due to xml doc style error) Example error 3. This error is especially interesting because you can note that the requested file on yydomain and the allowed path of xxdomain (and no, its not a configuration error): *Warning*: Unknown(): open_basedir restriction in effect. File(/home/yy/yy/yydomain.com.au/public/www/admin/index.php) is not within the allowed path(s): (/home/xx/xx/xxdomain.org.au/:/usr/local/lib/php:/tmp/php_upload) in *Unknown* on line *0* This is a serious bug, we will have to roll back to Apache1. -- PHP PHP 4.4.2 (cli) (built: Feb 28 2007 17:14:01) Copyright (c) 1997-2006 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies -- Apache Server version: Apache/2.2.3 Server built: Feb 28 2007 16:59:03 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/usr/local/apache2" -D SUEXEC_BIN="/usr/local/apache2/bin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" -- OS Fedora Core Cannot pin it down to being limited to FC3 or FC5 or both. ------------------------------------------------------------------------ [2007-02-19 13:49:03] jos at webstekker dot nl The same problem exists when upgrading from 5.2.0 to 5.2.1 on Windows 2003 Server (web edition). safe_mode=on, safe_mode_gid=off: Warning: include() [function.include]: SAFE MODE Restriction in effect. The script whose uid is 1 is not allowed to access ./text/Home.txt owned by uid 0 in E:\wwwroot\test\Home.php on line 14 safe_mode=on, safe_mode_gid=on: Warning: include() [function.include]: SAFE MODE Restriction in effect. The script whose uid/gid is 1/1 is not allowed to access ./text/Home.txt owned by uid/gid 0/0 in E:\wwwroot\test\Home.php on line 14 This works fine in 5.2.0 without any changes to the server configuration. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/38670 -- Edit this bug report at http://bugs.php.net/?id=38670&edit=1
