ID: 31618 Updated by: [EMAIL PROTECTED] Reported By: kibab at icehouse dot net -Status: Open +Status: Bogus Bug Type: Filesystem function related Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 New Comment:
Did you read something about safe_mode before turning it On? "By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access." (c) http://www.php.net/manual/en/features.safe-mode.php So, it's perfectly fine to have these errors and to have FALSE in is_readable() because you turned safe_mode yourself. This is expected behaviour. Previous Comments: ------------------------------------------------------------------------ [2005-08-11 01:59:45] kibab at icehouse dot net Ok. It says (see http://www.ewu.edu/web/tools/bug31618_3.php): Warning: fopen() [function.fopen]: SAFE MODE Restriction in effect. The script whose uid/gid is 687/694 is not allowed to access /usr/share/pear/commonfile.php owned by uid/gid 0/0 in /var/www/sites/web/tools/bug31618_3.php on line 3 Warning: fopen(/usr/share/pear/commonfile.php) [function.fopen]: failed to open stream: Resource temporarily unavailable in /var/www/sites/web/tools/bug31618_3.php on line 3 ------------------------------------------------------------------------ [2005-08-10 20:44:05] [EMAIL PROTECTED] Of course, I meant this: <?php $myfilename = '/usr/share/pear/commonfile.php'; fopen($myfilename, 'r'); ?> ------------------------------------------------------------------------ [2005-08-10 20:36:39] [EMAIL PROTECTED] Could you plz also try this: <?php fopen($myfilename, 'r'); ?> And post the error message here. Thanks. ------------------------------------------------------------------------ [2005-08-10 20:24:48] kibab at icehouse dot net Ok, here's a new "complete" example for you. First, we need to do some setup as this is based on permissions, ownership, and safe mode: cd <some directory in safe_mode_include_dir> # note, I used cd /usr/share/pear echo "TESTING" > commonfile.php chmod a+r commonfile.php Then: $ ls -l commonfile* -rw-rw-r-- 1 root root 8 Aug 10 10:54 commonfile.php And, permissions on the source PHP file in use: $ ls -l bug31618.php -rw-rw-r-- 1 kpederson financialaid 576 Aug 10 10:50 bug31618.php I used the following relevant settings: $ grep -iE "safe|include" /etc/php.ini | grep -v "^;" safe_mode = On safe_mode_gid = On safe_mode_include_dir = /usr/share/pear safe_mode_exec_dir = "/usr/local/php_exe/bin" safe_mode_allowed_env_vars = PHP_ safe_mode_protected_env_vars = LD_LIBRARY_PATH include_path = ".:/usr/share/pear/:/usr/share/pear/ewu_lib:/var/lib/php_secure" sql.safe_mode = Off Now, grab my PHP script from the following URL: http://www.ewu.edu/web/tools/bug31618.php.txt It's output looks like the following (as can be seen from http://www.ewu.edu/web/tools/bug31618.php): is_readable: /usr/share/pear/commonfile.php (false) TESTING Now, if I change the ownership to root:root (as I did for bug31618_2.php, eg. as seen by http://www.ewu.edu/web/tools/bug31618_2.php): is_readable: /usr/share/pear/commonfile.php (true) TESTING Thus, the results are based on ownership of the calling php script, not the file attempting to be read, despite being in safe_mode_include_dir. ------------------------------------------------------------------------ [2005-08-08 19:56:08] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try to avoid embedding huge scripts into the report. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618&edit=1
