Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On 09/28/2011 02:39 AM, Reindl Harald wrote:
> PLEASE REPLY ONLY TO THE LIST

Please provide a short (10 lines max) but complete reproduce script.
At the moment your explanations do not make any sense.

-- 
Wbr, 
Antony Dovgal
---
http://pinba.org - realtime profiling for PHP

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On 28.09.2011 08:01, Antony Dovgal wrote:
> On 09/28/2011 02:39 AM, Reindl Harald wrote:
>> PLEASE REPLY ONLY TO THE LIST
>
> Please provide a short (10 lines max) but complete reproduce script.
> At the moment your explanations do not make any sense.

what do you think was the content of my last mail where you quoted only a part of the mailing-list-manual?
this was code directly from the library where the problem exists, well i will help you to complete a 5-liner to make its wrong permissions and replace a class-var

what exactly does not make sense?

* /tmp MUST NOT be in open_basedir
* the temp-folder must be read only
* QUESTION1: why is tempnam() falling back to a dir outside open_basedir?
* QUESTION2: why is tempnam() creating a file OUTSIDE open_basedir?
* QUESTION3: why is there no error-msg that $dir is readonly instead of an unexpected fallback?

<?php
$temp_folder = dirname(__FILE__) . '/temp/';
mkdir($temp_folder);
chmod($temp_folder, 0555);
$tmp_name = str_replace('\\', '/', tempnam($temp_folder, 'rhcsv'));
$fp = fopen($tmp_name, 'wb+');
if($fp)
{
 flock($fp, LOCK_EX);
 fwrite($fp, 'test');
 flock($fp, LOCK_UN);
 fclose($fp);
}
?>

Warning: fopen() [function.fopen.php]: open_basedir restriction in effect. File(/tmp/rhcsv5f9RIs) is not within the allowed path(s): (/mnt/data/www/beta.rhsoft.net:/Volumes/dune/www-servers/phpincludes:/var/www/uploadtemp) in /mnt/data/www/beta.rhsoft.net/tempname.php on line 6

Warning: fopen(/tmp/rhcsv5f9RIs) [function.fopen.php]: failed to open stream: Operation not permitted in /mnt/data/www/beta.rhsoft.net/tempname.php on line 6

[harry@srv-rhsoft:~]$ stat /tmp/rhcsv5f9RIs
  Datei: „/tmp/rhcsv5f9RIs“
  Größe: 0  Blöcke: 0  EA Block: 4096  reguläre leere Datei
  Gerät: 809h/2057d  Inode: 48  Verknüpfungen: 1
  Zugriff: (0600/-rw---)  Uid: ( 48/ apache)  Gid: ( 48/ apache)
  Zugriff: 2011-09-28 08:58:01.046916064 +0200
  Modifiziert: 2011-09-28 08:58:01.046916064 +0200
  Geändert : 2011-09-28 08:58:01.046916064 +0200
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On Wed, Sep 28, 2011 at 9:02 AM, Reindl Harald h.rei...@thelounge.net wrote:

> $tmp_name = str_replace('\\', '/', tempnam($temp_folder, 'rhcsv'));

Side note: this is never necessary, php does it for you. Unless you store paths yourself before calling a php file function.

-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On 28.09.2011 09:28, Pierre Joye wrote:
> On Wed, Sep 28, 2011 at 9:02 AM, Reindl Harald h.rei...@thelounge.net wrote:
>
>> $tmp_name = str_replace('\\', '/', tempnam($temp_folder, 'rhcsv'));
>
> Side note: this is never necessary, php does it for you. Unless you store paths yourself before calling a php file function.

i know
this is my way to make sure that even on windows there are never backslashes used, and probably translations from realpaths to urls are failing because of that
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
hi,

On Wed, Sep 28, 2011 at 9:02 AM, Reindl Harald h.rei...@thelounge.net wrote:

First, all you need to test is:

$tempfile = tempnam($temp_folder, 'rhcsv');
$fp = fopen($tempfile, 'w');

> * /tmp MUST NOT be in open_basedir
> * the temp-folder must be read only
> * QUESTION1: why is tempnam() falling back to a dir outside open_basedir?
> * QUESTION2: why is tempnam() creating a file OUTSIDE open_basedir?

The flow can be easily seen here:

http://lxr.php.net/opengrok/xref/PHP_5_4/ext/standard/file.c#798
http://lxr.php.net/xref/PHP_5_4/main/php_open_temporary_file.c#php_do_open_temporary_file

> * QUESTION3: why is there no error-msg that $dir is readonly instead of an unexpected fallback?

It is how it always works for temp files. Configuring the temp directories correctly is the way to go (set the TMP).

As far as I remember there was a discussion about temp directories and open base dir a while back, maybe you can find some additional info in it.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On 28.09.2011 10:46, Pierre Joye wrote:
> hi,
>
> On Wed, Sep 28, 2011 at 9:02 AM, Reindl Harald h.rei...@thelounge.net wrote:
>
> First, all you need to test is:
>
> $tempfile = tempnam($temp_folder, 'rhcsv');
> $fp = fopen($tempfile, 'w');
>
>> * /tmp MUST NOT be in open_basedir
>> * the temp-folder must be read only
>> * QUESTION1: why is tempnam() falling back to a dir outside open_basedir?
>> * QUESTION2: why is tempnam() creating a file OUTSIDE open_basedir?
>
> The flow can be easily seen here:
>
> http://lxr.php.net/opengrok/xref/PHP_5_4/ext/standard/file.c#798
> http://lxr.php.net/xref/PHP_5_4/main/php_open_temporary_file.c#php_do_open_temporary_file
>
>> * QUESTION3: why is there no error-msg that $dir is readonly instead of an unexpected fallback?
>
> It is how it always works for temp files. Configuring the temp directories correctly is the way to go (set the TMP).
>
> As far as I remember there was a discussion about temp directories and open base dir a while back, maybe you can find some additional info in it.

but it is wrong to create a file outside the open_basedir, especially if a fully qualified directory was passed where it should be created

without any param /tmp is right, but not as magical fallback, and in my opinion a well designed webapp should never touch global /tmp shared with other hosts and applications
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On Wed, Sep 28, 2011 at 10:50 AM, Reindl Harald h.rei...@thelounge.net wrote:

> but it is wrong to create a file outside the open_basedir, especially if a fully qualified directory was passed where it should be created

Forgot to mention that this behavior is clearly documented:

http://www.php.net/tempnam

So it is not sure that we will fix that any time soon.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On 28.09.2011 10:53, Pierre Joye wrote:
> On Wed, Sep 28, 2011 at 10:50 AM, Reindl Harald h.rei...@thelounge.net wrote:
>
>> without any param /tmp is right, but not as magical fallback, and in my opinion a well designed webapp should never touch global /tmp shared with other hosts and applications
>
> Well, a well configured shared host has correct temporary directory set.
>
> In any case, please open a bug at bugs.php.net so we can follow this possibly more closely. Please use the very simple script I use as it is all we need to debug it.

well, temporary directory must not matter if path is explicitly passed via param
https://bugs.php.net/bug.php?id=55804

> Forgot to mention that this behavior is clearly documented:
> http://www.php.net/tempnam
> So it is not sure that we will fix that any time soon.

documentation makes wrong behavior not right
fact is that a php-function must not create files outside open_basedir, with only two exceptions which are for security reasons

* session save path (must not be in open_basedir)
* upload dir (must not be in open_basedir)
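An added example, not code from the thread or from PHP's own sources: a tempnam() wrapper that turns the documented fallback discussed above into a hard error for the caller. strict_tempnam() is an assumed helper name; everything else is standard PHP.

```php
<?php
// Added example, not from the thread: refuse tempnam()'s silent fallback to
// the system temp directory instead of discovering it later at fopen() time.
// strict_tempnam() is an assumed name; only standard PHP functions are used.

function strict_tempnam(string $dir, string $prefix): string
{
    // realpath() resolves symlinks and "..", and returns false for paths
    // outside open_basedir, so all later comparisons are on canonical form.
    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        throw new RuntimeException("temp dir unusable: $dir");
    }
    // Fail loudly up front: an unwritable $dir is exactly the condition that
    // makes tempnam() switch to the system temp dir (the /tmp case in the
    // thread) without raising an error.
    if (!is_writable($real)) {
        throw new RuntimeException("temp dir not writable: $real");
    }

    $path = tempnam($real, $prefix);
    if ($path === false) {
        throw new RuntimeException("tempnam() failed in $real");
    }

    // Defence in depth: is_writable() is a check-then-act race, so verify
    // that the file tempnam() actually created sits under $real. The
    // trailing separator stops "/var/www/temp2" matching "/var/www/temp".
    $base = rtrim($real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $realPath = realpath($path);   // false if the file landed outside open_basedir
    if ($realPath === false || strncmp($realPath, $base, strlen($base)) !== 0) {
        // The file went elsewhere (the fallback). Best-effort cleanup: under
        // open_basedir this unlink is refused as well, hence the @.
        @unlink($path);
        throw new RuntimeException("tempnam() fell back outside $real: $path");
    }
    return $path;
}

// Usage mirroring the thread's reproduce script (constructed directory name).
$tempFolder = __DIR__ . '/temp';
try {
    $tmpName = strict_tempnam($tempFolder, 'rhcsv');
    $fp = fopen($tmpName, 'wb+');
    if ($fp) {
        flock($fp, LOCK_EX);
        fwrite($fp, 'test');
        flock($fp, LOCK_UN);
        fclose($fp);
    }
    unlink($tmpName);
} catch (RuntimeException $e) {
    // Instead of a stray 0600 file in /tmp, the caller gets an error to log.
    error_log('temp file refused: ' . $e->getMessage());
}
```

With the read-only temp folder from the reproduce script, this raises "temp dir not writable" and never reaches tempnam(), so no file appears in /tmp.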
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On Wed, Sep 28, 2011 at 00:39, Reindl Harald h.rei...@thelounge.net wrote:
> PLEASE REPLY ONLY TO THE LIST

PLEASE READ THE POSTING GUIDELINES BEFORE SCREAMING:
http://se.php.net/mailing-lists.php

  Be sure to click Reply-All to reply to list. Clicking Reply will email the author of the message privately.

-Hannes
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On 28.09.2011 16:19, Hannes Magnusson wrote:
> On Wed, Sep 28, 2011 at 00:39, Reindl Harald h.rei...@thelounge.net wrote:
>> PLEASE REPLY ONLY TO THE LIST
>
> PLEASE READ THE POSTING GUIDELINES BEFORE SCREAMING:
> http://se.php.net/mailing-lists.php

please configure the mailing-list correctly
please add a hint that modern clients have a reply-to-list
please add a hint that the sender should be removed after reply-all, because internals@lists.php.net is reaching the list AND the sender of the post where you write your answer

> Be sure to click Reply-All to reply to list. Clicking Reply will email the author of the message privately.

well, if there would be used Reply-To headers
tell me ONE reason to get every answer twice

using reply-to-list will only answer to the mailinglist
this is why the following headers exist

list-help: mailto:internals-h...@lists.php.net
list-unsubscribe: mailto:internals-unsubscr...@lists.php.net
list-post: mailto:internals@lists.php.net
List-Id: internals.lists.php.net
[PHP-DEV] Mailing list handling (was: Re: [PHP-DEV] open_basedir bypass - errata tempnam())
On Wed, 2011-09-28 at 16:42 +0200, Reindl Harald wrote:
> On 28.09.2011 16:19, Hannes Magnusson wrote:
>> On Wed, Sep 28, 2011 at 00:39, Reindl Harald h.rei...@thelounge.net wrote:
>>> PLEASE REPLY ONLY TO THE LIST
>>
>> PLEASE READ THE POSTING GUIDELINES BEFORE SCREAMING:
>> http://se.php.net/mailing-lists.php
>
> please configure the mailing-list correctly

It is configured correctly.

> please add a hint that the sender should be removed after reply-all, because internals@lists.php.net is reaching the list AND the sender of the post where you write your answer

I want to receive two copies.

>> Be sure to click Reply-All to reply to list. Clicking Reply will email the author of the message privately.
>
> well, if there would be used Reply-To headers
> tell me ONE reason to get every answer twice

One copy goes to my inbox. The other one goes to the mailing list specific folder. A mail in my inbox tells me that it is likely that I want to read it with higher priority than the list folder does. An answer to a discussion I participated in has higher priority than other discussions.

This all isn't part of the discussion from this thread, though.

johannes
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
> please configure the mailing-list correctly
> please add a hint that modern clients have a reply-to-list

for the record, I don't have that in gmail.

> please add a hint that the sender should be removed after reply-all, because internals@lists.php.net is reaching the list AND the sender of the post where you write your answer

and what if the sender is not subscribed to the list?

>> Be sure to click Reply-All to reply to list. Clicking Reply will email the author of the message privately.
>
> well, if there would be used Reply-To headers
> tell me ONE reason to get every answer twice

I don't get two emails in gmail, I don't know that the list is smart enough to not send emails to those who are to or cc'ed, or maybe it's a gmail feature.

> using reply-to-list will only answer to the mailinglist
> this is why the following headers exist
>
> list-help: mailto:internals-h...@lists.php.net
> list-unsubscribe: mailto:internals-unsubscr...@lists.php.net
> list-post: mailto:internals@lists.php.net
> List-Id: internals.lists.php.net

that's not the main reason why those headers exist AFAIK, but I agree that it could be used for reply-to-list

as I mentioned before, nobody knows every participant in the list, so if you reply to someone, it is better to not only send it to the list but to that person also, because you don't know whether he is on the list or not.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
Reindl, please read http://www.unicom.com/pw/reply-to-harmful.html

The list is configured correctly.
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
On 28.09.2011 17:03, Ferenc Kovacs wrote:
>> please configure the mailing-list correctly
>> please add a hint that modern clients have a reply-to-list
>
> for the record, I don't have that in gmail.
>
>> please add a hint that the sender should be removed after reply-all, because internals@lists.php.net is reaching the list AND the sender of the post where you write your answer
>
> and what if the sender is not subscribed to the list?

then he can usually not send to a list

> I don't get two emails in gmail, I don't know that the list is smart enough to not send emails to those who are to or cc'ed, or maybe it's a gmail feature.

you get them not if the person who answered was smart enough to use reply-to-list or deleted the second address

>> using reply-to-list will only answer to the mailinglist
>> this is why the following headers exist
>>
>> list-help: mailto:internals-h...@lists.php.net
>> list-unsubscribe: mailto:internals-unsubscr...@lists.php.net
>> list-post: mailto:internals@lists.php.net
>> List-Id: internals.lists.php.net
>
> that's not the main reason why those headers exist AFAIK, but I agree that it could be used for reply-to-list
>
> as I mentioned before, nobody knows every participant in the list, so if you reply to someone, it is better to not only send it to the list but to that person also, because you don't know whether he is on the list or not.

normally you have to subscribe for sending to a list, and i would wonder if every spambot can anonymously post to php-devel, so if somebody sends to the list he also receives it

On 28.09.2011 17:05, Rasmus Lerdorf wrote:
> Reindl, please read http://www.unicom.com/pw/reply-to-harmful.html
> The list is configured correctly.

well, and there i read the text below, and that was the reason why i said last night PLEASE reply only to the list, because i need not every message twice and answering to the wrong duplicate leaves the list out; one of your two mails has reply-to-list and the other copy not, if i use the other copy you get a lonely answer leaving the list out of rcpt

> But it already is easy. Reasonable mail programs have two separate reply commands: one that replies directly to the author of a message, and another that replies to the author plus all of the list recipients. Even the lowly Berkeley Mail command has had this for about a decade.
Re: [PHP-DEV] open_basedir bypass - errata tempnam()
Hi Reindl!

Do you realize that you are currently spamming hundreds of people that have subscribed to this mailing list with pointless meta-discussions about how you think mailing lists should work? The previous answers have already explained in detail why *all* mailing lists (this is not something specific to php-internals) ask you to reply to both author and the list.

I would kindly ask you to stop annoying me and others with further off topic messages and hope that the mailing list management will discard your messages if you continue to do so.

Thanks.
Re: [PHP-DEV] Reply-to of mailing lists (was: open_basedir bypass - errata tempnam() )
Ferenc Kovacs wrote:
>> well, if there would be used Reply-To headers
>> tell me ONE reason to get every answer twice
>
> I don't get two emails in gmail, I don't know that the list is smart enough to not send emails to those who are to or cc'ed, or maybe it's a gmail feature.

That's a gmail (mis)feature. If you receive an email twice, it is collapsed into one.

A benefit of being addressed in the email that hasn't been mentioned yet is that some people use that for email filtering, marking higher the emails that are sent to them.
It is popular for instance among developers of the linux kernel, where they don't usually read the very active list (lkml), so you are requested to email the list *and* CC the people that are likely to be interested in that field. Even though those people are subscribed to the list, they are not reading all of it.
Re: [PHP-DEV] Reply-to of mailing lists (was: open_basedir bypass - errata tempnam() )
2011/9/28 Ángel González keis...@gmail.com:
> Ferenc Kovacs wrote:
>>> well, if there would be used Reply-To headers
>>> tell me ONE reason to get every answer twice
>>
>> I don't get two emails in gmail, I don't know that the list is smart enough to not send emails to those who are to or cc'ed, or maybe it's a gmail feature.
>
> That's a gmail (mis)feature. If you receive an email twice, it is collapsed into one.

thanks

> A benefit of being addressed in the email that hasn't been mentioned yet,

johannes mentioned it: http://www.mail-archive.com/internals@lists.php.net/msg53737.html

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu
Re: [PHP-DEV] Reply-to of mailing lists
Hi!

> That's a gmail (mis)feature. If you receive an email twice, it is collapsed into one.

I actually don't get emails twice when replied to personally and on the list too... Not gmail, exchange+Thunderbird, no idea which of them does it, but I'm OK with it.

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
Re: [PHP-DEV] Reply-to of mailing lists
Ferenc Kovacs wrote:
>> A benefit of being addressed in the email that hasn't been mentioned yet,
>
> johannes mentioned it: http://www.mail-archive.com/internals@lists.php.net/msg53737.html

Yes, I noticed it /after/ sending. :(
Our emails were alike. We mentioned the same usage pattern and both changed the subject.