ID: 24604 Comment by: thorsten at rinne dot info Reported By: timo dot hummel at 4fb dot de Status: Open Bug Type: Documentation problem Operating System: SuSE Linux 8.2 Linux 2.4.19 PHP Version: Irrelevant New Comment:
Hi, using PHP as CGI with suPHP (www.suphp.org) there are no problems: -rw-r--r-- 1 thorsten users 195 Jan 20 22:01 test.php Then running test.php... Result: drwxr-xr-x 2 thorsten users 4096 Jan 20 22:03 test -rw-r--r-- 1 thorsten users 195 Jan 20 22:01 test.php It would be nice if this would work with mod_php! bye Thorsten Previous Comments: ------------------------------------------------------------------------ [2003-12-28 06:32:42] s9608273 at student dot utwente dot nl Dir 20031228122842 made with function mkdir() (uid/gid : 101:100) This is the effect when moving uploaded file to this dir. Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid/gid is 507/507 is not allowed to access /home/..../uploadedFiles/20031228122842 owned by uid/gid 101/100 in ... Maybe all file operations can be performed as the user which owns the script. ------------------------------------------------------------------------ [2003-11-11 23:36:49] ndhuyvu at yahoo dot com drwxrwxrwx 2 32533 bcdt 4096 Oct 23 20:48 10 drwxrwxrwx 2 99 99 4096 Nov 11 22:25 19 drwxrwxrwx 2 99 99 4096 Nov 11 22:32 20 drwxrwxrwx 2 32533 bcdt 4096 Oct 23 20:47 4 drwxrwxrwx 2 32533 bcdt 4096 Nov 5 23:07 5 drwxrwxrwx 2 32533 bcdt 4096 Oct 23 20:47 6 drwxrwxrwx 2 32533 bcdt 4096 Oct 23 20:47 9 FTP LOGIN -> Create Dir -> is OK drwxrwxrwx 2 32533 bcdt 4096 Oct 23 20:47 9 But :-( When create Dir in php code mkdir($datapath.$ID,0777); or chmod($datapath.$ID,0777); mkdir($datapath.$ID,0777); result: drwxrwxrwx 2 99 99 4096 Nov 11 22:32 20 ------------------------------------------------------------------------ [2003-11-06 12:22:40] timo dot hummel at 4fb dot de >Use cgi-php. >And no such problems at all. Tell that 99% of all internet hosters. They just won't do it - for certain reasons. And there will be problems - just read my bug report again why this is not revelant to cgi-php. >They _NEVER_ do this. Because to change user, >process must be owned by >root. It's mean no security. Not necessarly. I suggested to change the safe mode logic, not the creator to create directories. >My opinion - not needed. Just read aboud mod_php. >It's always run as apache user. Yes, but again: Read my bug report carefully. Try it out yourself. If you know about how unix and linux systems are setup, you'll quickly discover why it fails. Also remember: Most providers provide PHP, but only uploads via FTP. Thus, the user id's with which people upload files don't match the user id of the webserver in most cases. >File_uploads can working with 'chuid' script, for example. Most providers also don't do this. What you are recommending here are workarounds, but not solutions. >Just turn safe_mode OFF and disable system, popen, >exec... functions Again, Providers turn on SAFE_MODE because they think they make PHP secure - but in fact, they are disabling file operations via the web and 3rd party software (i.e. all scripts you can get on the web) pretty useless. Or to use plain words: "Heck, I can create a directory but I cannot write to it afterwards?" ------------------------------------------------------------------------ [2003-11-03 12:55:54] roman at compic dot ee Use cgi-php. And no such problems at all. 1.) Modify the SAFE_MODE concept to become consistent. They _NEVER_ do this. Because to change user, process must be owned by root. It's mean no security. 2.) Modify the documentation of SAFE_MODE and all related file/directory functions that for the proper operation of file and directory functions, the owner and executor have to be the same user. My opinion - not needed. Just read aboud mod_php. It's always run as apache user. The above problems are one reason why most PHP content management systems recommend to turn SAFE_MODE off in order to make file uploads working. File_uploads can working with 'chuid' script, for example. Just turn safe_mode OFF and disable system, popen, exec... functions ------------------------------------------------------------------------ [2003-07-11 08:32:33] timo dot hummel at 4fb dot de Description: ------------ Hello bug processors, please read the following bug report carefully, as it makes file and directory operations completely useless. At the end of this report, you find recommendations about what we should do. Take a breath, it's quite a bunch of stuff to read and understand. Remember that the following is only an example, but which could be applied to almost every system running PHP with SAFE_MODE and where scripts need to perform file and directory operations. As you might all know, providers tend to host multiple domains on a single machine. In the example, Apache runs as the system user "wwwrun", and we have a client user which has the system user "client". We have the following script: <?php mkdir("test"); ?> in the htdocs directory of the webserver: -rw-r--r-- 1 client users 24 test.php given the fact that the directory where test.php resides is owned by "client", test.php was called via the web and SAFE_MODE is on, the following happens: - the directory "test" will be created - the directory "test" has the owner "wwwrun" - any further operations with the directory "test" will fail since SAFE_MODE is on and don't allow any operations on files and/or directories not owned by the owner of the script This introduces another problem: move_uploaded_file will fail in the above scenario. The htdocs directory of "client" is writable and owned by "client". If now a file is uploaded, it is stored in the PHP_TEMP_DIR specified in the php.ini with the user "wwwrun", thus making "move_uploaded_file" fail if it should be moved to the htdocs-directory of "client". The big problem with the SAFE_MODE of PHP is maybe a communications problem, but I try to propose a few solutions: 1.) Modify the SAFE_MODE concept to become consistent. I.e. if a directory is created with a script owned by "client", the new directory should also belong to "client" instead of wwwrun, or SAFE_MODE shouldn't check the owner of the script, but rather the executor of the script. 2.) Modify the documentation of SAFE_MODE and all related file/directory functions that for the proper operation of file and directory functions, the owner and executor have to be the same user. 3.) Modify the documentation of SAFE_MODE and all related file/directory functions that for the proper operation of file and directory functions in a multi-user/single-executor scenario, safe_mode_gid should be set, including the correct group rights. The above problems are one reason why most PHP content management systems recommend to turn SAFE_MODE off in order to make file uploads working. The issue was tested with many PHP-Versions on many different systems (altough I haven't tried PHP 5.0 yet), but I'm looking forward to see the issue resolved in any way in the future. best regards, Timo ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24604&edit=1