#34050 [Opn-Fbk]: safe_mode_include_dir isn't honored

2005-08-22 Thread sniper
 ID:   34050
 Updated by:   [EMAIL PROTECTED]
 Reported By:  wolfram at schlich dot org
-Status:   Open
+Status:   Feedback
 Bug Type: Safe Mode/open_basedir
 Operating System: Linux 2.6.12-gentoo-r4 x86_64
 PHP Version:  5CVS-2005-08-09 (dev)
 New Comment:

I can't reproduce this either. Try this on command line:

# php -r 'include("/usr/lib/php/Smarty/Smarty.class.php");'

Also, make sure that PHP really is loading the right php.ini file!!
(e.g. if you happen to have one in / that one will be loaded instead)



Previous Comments:


[2005-08-12 01:09:27] wolfram at schlich dot org

no symlink...



[2005-08-12 00:30:26] [EMAIL PROTECTED]

Can't reproduce.
Make sure that /usr/lib/php/Smarty (or any of its parent dirs) is not
a symbolic link. 



[2005-08-09 18:16:23] wolfram at schlich dot org

then the comment above safe_mode_include_dir is silly:

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)

it says UID/GID checks are bypassed, so why should I enable
safe_mode_gid then?

I even tried that, result:
--8--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid/gid is 667/888 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid/gid 0/0 in
/home/wschlich/public_html/smartytest/class.MySmarty.inc.php on line
27
--8--



[2005-08-09 18:09:19] [EMAIL PROTECTED]

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.




[2005-08-09 16:56:52] wolfram at schlich dot org

Description:

when safe_mode is active, I want to be able to include files from
certain directories without checking for their UID/GID.

Reproduce code:
---
--8--[ php.ini ]--8--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = /usr/share/php/:/usr/lib/php/
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8--[ apache vhost config ]--8--
php_value include_path .:/usr/share/php:/usr/lib/php
--8--[ sample php script ]--8--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8--

Expected result:

included file, no error message.

Actual result:
--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19





-- 
Edit this bug report at http://bugs.php.net/?id=34050&edit=1
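
The two checks suggested in this thread (a symbolic link among the parent directories of the included file, and whether the file falls under a safe_mode_include_dir entry) written as a shell diagnostic. This is an added example, not part of the original bug report or PHP's own code; the function names are hypothetical, and it assumes the directive is matched as a plain string prefix against the symlink-resolved path.

```sh
#!/bin/sh
# Added diagnostic (not PHP's own code). Paths must be absolute.

# first_symlink PATH: print the first component of PATH that is a
# symbolic link; return 1 if no component is one.
first_symlink() {
    rest=${1#/}; cur=
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ -L "$cur" ]; then printf '%s\n' "$cur"; return 0; fi
    done
    return 1
}

# in_include_dir PATH LIST: succeed if PATH starts with one of the
# colon-separated LIST entries. Assumption: plain string-prefix match,
# so the trailing slash on each entry matters.
in_include_dir() {
    found=1; old_ifs=$IFS; IFS=:; set -f
    for d in $2; do
        [ -n "$d" ] || continue
        case $1 in "$d"*) found=0; break ;; esac
    done
    IFS=$old_ifs; set +f
    return $found
}

# check_include FILE LIST: report a symlink in FILE's path, then test the
# resolved location against LIST.
# Returns 0 = covered, 1 = not covered, 2 = directory missing.
check_include() {
    dir=$(cd -P "$(dirname "$1")" 2>/dev/null && pwd -P) || {
        echo "missing: $1"; return 2; }
    real="$dir/$(basename "$1")"
    if link=$(first_symlink "$1"); then
        echo "symlink in path: $link"
    fi
    if in_include_dir "$real" "$2"; then
        echo "covered: $real"; return 0
    fi
    echo "not covered: $real"; return 1
}

# Example with the values from the report:
# check_include /usr/lib/php/Smarty/Smarty.class.php \
#     /usr/share/php/:/usr/lib/php/
```
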


#34050 [Opn-Fbk]: safe_mode_include_dir isn't honored

2005-08-11 Thread tony2001
 ID:   34050
 Updated by:   [EMAIL PROTECTED]
 Reported By:  wolfram at schlich dot org
-Status:   Open
+Status:   Feedback
 Bug Type: Safe Mode/open_basedir
 Operating System: Linux 2.6.12-gentoo-r4 x86_64
 PHP Version:  5CVS-2005-08-09 (dev)
 New Comment:

Can't reproduce.
Make sure that /usr/lib/php/Smarty (or any of its parent dirs) is not
a symbolic link. 


Previous Comments:


[2005-08-09 18:16:23] wolfram at schlich dot org

then the comment above safe_mode_include_dir is silly:

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)

it says UID/GID checks are bypassed, so why should I enable
safe_mode_gid then?

I even tried that, result:
--8--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid/gid is 667/888 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid/gid 0/0 in
/home/wschlich/public_html/smartytest/class.MySmarty.inc.php on line
27
--8--



[2005-08-09 18:09:19] [EMAIL PROTECTED]

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.




[2005-08-09 16:56:52] wolfram at schlich dot org

Description:

when safe_mode is active, I want to be able to include files from
certain directories without checking for their UID/GID.

Reproduce code:
---
--8--[ php.ini ]--8--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = /usr/share/php/:/usr/lib/php/
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8--[ apache vhost config ]--8--
php_value include_path .:/usr/share/php:/usr/lib/php
--8--[ sample php script ]--8--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8--

Expected result:

included file, no error message.

Actual result:
--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19




