ID: 24521 Updated by: [EMAIL PROTECTED] -Summary: chdir() ignores php_admin_value open_basedir Reported By: jjarven at softers dot net Status: Open Bug Type: Documentation problem -Operating System: Linux 2.4.18 +Operating System: Windows XP PHP Version: 4.3.2 New Comment:
Due to the nature of a 'system call' this is technically not possible for php (or any other application). You have to rely on system security here. Previous Comments: ------------------------------------------------------------------------ [2003-07-07 06:26:04] jjarven at softers dot net Unless safe_mode is enabled, at least system-function is able to go where-ever wants to (well, within httpd's access rights). I think it would be nice also to restrict system (exec, etc)-functions, without using safe_mode. ------------------------------------------------------------------------ [2003-07-07 05:53:44] [EMAIL PROTECTED] It might be nice to mention this in the docs too. :) ------------------------------------------------------------------------ [2003-07-07 05:50:15] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php open_basedir restricts opening files. If that is working then there is no bug here at all. ------------------------------------------------------------------------ [2003-07-07 05:42:35] jjarven at softers dot net Description: ------------ Apache 1.3.27 httpd.conf: php_admin_value open_basedir /home/www/ - phpinfo() reports local value in effect to be /home/www/ Reproduce code: --------------- chdir('/etc'); echo getcwd(); Expected result: ---------------- "open_basedir restriction in effect" Actual result: -------------- Will output: /etc I tested opendir(), readdir() and readfile() and they behave correctly, thus are not able to read anything outside open_basedir. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24521&edit=1 -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
