Fail.
As of 5.3.0, open_basedir can be set at run time, but only to tighten the path.
E.g. if open_basedir=/usr/local in php.ini, you can call
ini_set("open_basedir", "/usr/local/bin") at runtime.
Trying to loosen open_basedir (e.g. ini_set("open_basedir",
"/usr");) fails.
-Hannes
On Tue, Dec 9, 2008 at 11:20, Hannes Magnusson <[EMAIL PROTECTED]> wrote:
> bjori Tue Dec 9 10:20:11 2008 UTC
>
> Added files: (Branch: PHP_5_3)
> /php-src/ext/standard/tests/directory open_basedir_001.phpt
>
> Modified files:
> /php-src NEWS
> /php-src/main fopen_wrappers.c fopen_wrappers.h
> Log:
> MFH: - Changed open_basedir to allow tightening in runtime contexts. (Sara)
> - Add test
>
>
>
> http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.965.2.405&r2=1.2027.2.547.2.965.2.406&diff_format=u
> Index: php-src/NEWS
> diff -u php-src/NEWS:1.2027.2.547.2.965.2.405
> php-src/NEWS:1.2027.2.547.2.965.2.406
> --- php-src/NEWS:1.2027.2.547.2.965.2.405 Tue Dec 9 10:12:21 2008
> +++ php-src/NEWS Tue Dec 9 10:20:11 2008
> @@ -3,6 +3,7 @@
> ?? ??? 200?, PHP 5.3.0 Alpha 4
> - Changed opendir/dir/scandir to use default context
> when no context argument is passed. (Sara)
> +- Changed open_basedir to allow tightening in runtime contexts. (Sara)
>
> - Fixed bug #46811 ini_set() doesn't return false on failure. (Hannes)
>
> http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.175.2.3.2.13.2.13&r2=1.175.2.3.2.13.2.14&diff_format=u
> Index: php-src/main/fopen_wrappers.c
> diff -u php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.13
> php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.14
> --- php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.13 Mon Aug 11 15:33:02
> 2008
> +++ php-src/main/fopen_wrappers.c Tue Dec 9 10:20:11 2008
> @@ -17,7 +17,7 @@
> +----------------------------------------------------------------------+
> */
>
> -/* $Id: fopen_wrappers.c,v 1.175.2.3.2.13.2.13 2008/08/11 15:33:02 lbarnaud
> Exp $ */
> +/* $Id: fopen_wrappers.c,v 1.175.2.3.2.13.2.14 2008/12/09 10:20:11 bjori Exp
> $ */
>
> /* {{{ includes
> */
> @@ -79,6 +79,62 @@
> #endif
> /* }}} */
>
> +/* {{{ OnUpdateBaseDir
> +Allows any change to open_basedir setting in during Startup and Shutdown
> events,
> +or a tightening during activation/runtime/deactivation */
> +PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
> +{
> + char **p, *pathbuf, *ptr, *end;
> +#ifndef ZTS
> + char *base = (char *) mh_arg2;
> +#else
> + char *base = (char *) ts_resource(*((int *) mh_arg2));
> +#endif
> +
> + p = (char **) (base + (size_t) mh_arg1);
> +
> + if (stage == PHP_INI_STAGE_STARTUP || stage ==
> PHP_INI_STAGE_SHUTDOWN) {
> + /* We're in a PHP_INI_SYSTEM context, no restrictions */
> + *p = new_value;
> + return SUCCESS;
> + }
> +
> + /* Otherwise we're in runtime */
> + if (!*p || !**p) {
> + /* open_basedir not set yet, go ahead and give it a value */
> + *p = new_value;
> + return SUCCESS;
> + }
> +
> + /* Shortcut: When we have a open_basedir and someone tries to unset,
> we know it'll fail */
> + if (!new_value || !*new_value) {
> + return FAILURE;
> + }
> +
> + /* Is the proposed open_basedir at least as restrictive as the
> current setting? */
> + ptr = pathbuf = estrdup(new_value);
> + while (ptr && *ptr) {
> + end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
> + if (end != NULL) {
> + *end = '\0';
> + end++;
> + }
> + if (php_check_open_basedir_ex(ptr, 0 TSRMLS_CC) != 0) {
> + /* At least one portion of this open_basedir is less
> restrictive than the prior one, FAIL */
> + efree(pathbuf);
> + return FAILURE;
> + }
> + ptr = end;
> + }
> + efree(pathbuf);
> +
> + /* Everything checks out, set it */
> + *p = new_value;
> +
> + return SUCCESS;
> +}
> +/* }}} */
> +
> /* {{{ php_check_specific_open_basedir
> When open_basedir is not NULL, check if the given filename is located
> in
> open_basedir. Returns -1 if error or not in the open_basedir, else 0.
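Review bot: In OnUpdateBaseDir the runtime path validates each component of `new_value` at the moment of the call, but `*p = new_value;` then stores the original string rather than what was validated. php_check_open_basedir_ex is not shown in this hunk; if it resolves relative components or symlinks against the current working directory, an entry that passes here may later be interpreted against a different directory, so the effective restriction could end up looser than the one that was checked. If existing callers do not depend on relative entries at runtime, I would reject them inside the loop before the check, `if (!IS_ABSOLUTE_PATH(ptr, strlen(ptr))) { efree(pathbuf); return FAILURE; }`, or store the resolved paths instead. The new open_basedir_001.phpt should also cover a relative entry, and the header comment should state that the comparison is made only once, at ini_set() time.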
> http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.h?r1=1.44.2.1.2.2.2.4&r2=1.44.2.1.2.2.2.5&diff_format=u
> Index: php-src/main/fopen_wrappers.h
> diff -u php-src/main/fopen_wrappers.h:1.44.2.1.2.2.2.4
> php-src/main/fopen_wrappers.h:1.44.2.1.2.2.2.5
> --- php-src/main/fopen_wrappers.h:1.44.2.1.2.2.2.4 Mon Aug 11 15:33:02
> 2008
> +++ php-src/main/fopen_wrappers.h Tue Dec 9 10:20:11 2008
> @@ -16,13 +16,14 @@
> +----------------------------------------------------------------------+
> */
>
> -/* $Id: fopen_wrappers.h,v 1.44.2.1.2.2.2.4 2008/08/11 15:33:02 lbarnaud Exp
> $ */
> +/* $Id: fopen_wrappers.h,v 1.44.2.1.2.2.2.5 2008/12/09 10:20:11 bjori Exp $
> */
>
> #ifndef FOPEN_WRAPPERS_H
> #define FOPEN_WRAPPERS_H
>
> BEGIN_EXTERN_C()
> #include "php_globals.h"
> +#include "php_ini.h"
>
> PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC);
> PHPAPI char *expand_filepath(const char *filepath, char *real_path
> TSRMLS_DC);
> @@ -39,6 +40,8 @@
> PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode,
> const char *path, char **opened_path TSRMLS_DC);
>
> PHPAPI char *php_strip_url_passwd(char *path);
> +
> +PHPAPI ZEND_INI_MH(OnUpdateBaseDir);
> END_EXTERN_C()
>
> #endif
>
> http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/directory/open_basedir_001.phpt?view=markup&rev=1.1
> Index: php-src/ext/standard/tests/directory/open_basedir_001.phpt
> +++ php-src/ext/standard/tests/directory/open_basedir_001.phpt
>
>
>
>
>