ID: 38670 Comment by: gbjbaanb at users dot sourceforge dot net Reported By: serokka at hrn dot ru Status: Open Bug Type: Apache2 related Operating System: FreeBSD 4.10 PHP Version: 4.4.4 New Comment:
I have Apache 2.0.59 with php 4.4.6 just installed and my sites, that worked fine with php_admin_value open_basedir /home/xxx/:/tmp/:xxx inside the vhost configuration now fail. This is on CentOS 4.4, x86_64. Quite serious? PHP has a reputation for insecure code, this is not good. Previous Comments: ------------------------------------------------------------------------ [2007-04-03 16:10:16] marcel dot prisi at virtua dot ch I got the exact same problem on a FreeBSD-5.5 / Apache-2.0.59 / php-4.4.6 (all from ports) Adding a trailing slash to session.save_path didn't help, I had to comment it from the virtualhost config in order to have the error go away. Quite serious I think ... ------------------------------------------------------------------------ [2007-03-14 13:02:05] david dot guenault at gmail dot com update my precedent post : if you simply add a trailing slash to session.save_path this will discard the problem. here is why : in safe_mode.c in the function php_checkuid_ex when mode argument is CHECKUID_ALLOW_ONLY_DIR at line 119 s = strrchr(filename, DEFAULT_SLASH); returns a pointer to the last occurrence of the character / in the string filename. if your path is like this /data1sys/phpsession the pointer is on the second slash not at the end of the path. The uid/gid check is made on the parent folder (/data1sys) not the real folder (/data1sys/phpsession). So when /data1sys is owned by a user that is different from the user running apache, the test fail. ------------------------------------------------------------------------ [2007-03-14 10:14:18] david dot guenault at gmail dot com first of all this is my environment >SLES 10 >Apache 2.0.59 >Php 4.4.6 I use virtual host to configure my different web sites like this <VirtualHost *:80> DocumentRoot /data1user/apache/domain.tld ServerName www.domain.tld ErrorLog /data1sys/journaux/apache/domain/error_log CustomLog /data1sys/journaux/apache/domain/access_log combined # specific php configuration for this virtual host php_admin_value doc_root /data1user/apache/domain.tld php_admin_value session.save_path /data1sys/phpsession_domain.tld php_admin_value file_uploads on php_admin_value upload_tmp_dir /data1sys/phpupload_domain.tld php_admin_value error_log /data1sys/journaux/apache/testphp/php_domain.tld.log </VirtualHost> I've noticied one interesting thing. before the error occure i check session.save_path => ok this is the right directory. When the error occure session.save_path back to the default value (aka /tmp). apache is running as user usrhttpd and group grphttpd. The top level directory for storing session is /data1sys and is owned by user root and group root. The directory used to store sessions is phpsession_domain.tld under /data1sys and is owned by usrhttpd:grphttpd. If i change /datasys group to grphttpd the error disapear. If i remove the directive php_admin_value session.save_path /data1sys/phpsession_domain.tld. from my vhost then all is going right. hope this help. ------------------------------------------------------------------------ [2007-03-09 07:18:31] mspado at hotmail dot com Forgot to say: A common thread to issues with this bug has been the use of 'php_admin_value upload_tmp_dir /xxx/xxx/xxx/tmp' M. ------------------------------------------------------------------------ [2007-03-09 07:10:51] mspado at hotmail dot com Hi, We've experienced this issue numerous times since rolling out Apache2 (2.2.3) with PHP 4 (4.4.2 - yes only 4.4.2 because of http://bugs.php.net/bug.php?id=40514) last week. Example error 1: Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 0/0 is not allowed to access /home/xx/xxx/xxxdomain.net/tmp owned by uid/gid 306628/100 in Unknown on line 0 Example error 2: The XML page cannot be displayed Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later. -------------------------------------------------------------------------------- Only one top level element is allowed in an XML document. Error processing resource 'http://www.xxdomain.org/'. ... <b>Warning</b>: Unknown(): SAFE MODE Restriction in effect. The script whose uid/gid is 0/0 is not allowed to ... (cut off due to xml doc style error) Example error 3. This error is especially interesting because you can note that the requested file on yydomain and the allowed path of xxdomain (and no, its not a configuration error): *Warning*: Unknown(): open_basedir restriction in effect. File(/home/yy/yy/yydomain.com.au/public/www/admin/index.php) is not within the allowed path(s): (/home/xx/xx/xxdomain.org.au/:/usr/local/lib/php:/tmp/php_upload) in *Unknown* on line *0* This is a serious bug, we will have to roll back to Apache1. -- PHP PHP 4.4.2 (cli) (built: Feb 28 2007 17:14:01) Copyright (c) 1997-2006 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies -- Apache Server version: Apache/2.2.3 Server built: Feb 28 2007 16:59:03 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/usr/local/apache2" -D SUEXEC_BIN="/usr/local/apache2/bin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" -- OS Fedora Core Cannot pin it down to being limited to FC3 or FC5 or both. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/38670 -- Edit this bug report at http://bugs.php.net/?id=38670&edit=1
