Re: [PHP-DEV] [patch] safe mode gid check

2001-07-09 Thread Rasmus Lerdorf

> Here is the patch against current CVS.

Ok, I checked through your patch, tested it and committed it.  Good work
on the patch.  It was quite thorough.

If you anticipate doing further PHP work, please let us know and we can
set you up with a CVS account.

-Rasmus


-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DEV] [patch] safe mode gid check

2001-07-09 Thread James E. Flemer

Here is the patch against current CVS.

Use:
  cd php4; patch -p0

> Could you recreate this patch against current CVS?
> I think it is a good idea, but your patch doesn't work at all against the
> current code.
>
> Instructions about getting the code from CVS can be found here:
>
>   http://php.net/anoncvs.php
>
> -Rasmus
>
> On Mon, 9 Jul 2001, James E. Flemer wrote:
>
> > This is a patch against php-4.0.4pl1.
> >
> > Description:
> >   In Safe Mode, when opening files the UID of the script
> > owner and the UID of the destination file are compared. In
> > some circumstances it is desired that this check be relaxed
> > to a GID compare. The attached patch adds a php ini
> > directive "safe_mode_gid" (boolean, default: Off). When
> > this is On, a GID compare is performed if the UID compare
> > fails.
> >   Additionally this patch adds a new PHP function
> > getmygid(), which returns the GID of the executing script
> > (see getmyuid()).
> >
> > Author:
> >   James Flemer <[EMAIL PROTECTED]>
> >   CITS / Web Developer
> >   The University of Vermont
> >
> > [ Please CC me in all replies, I am not subscribed to the list. ]
> >
> > Thanks,
> > -James
> >
>


Index: php.ini-dist
===
RCS file: /repository/php4/php.ini-dist,v
retrieving revision 1.86
diff -u -r1.86 php.ini-dist
--- php.ini-dist2001/07/04 03:53:12 1.86
+++ php.ini-dist2001/07/09 16:23:57
@@ -111,6 +111,11 @@
 ;
 safe_mode = Off
 
+; By default, Safe Mode does a UID compare check when
+; opening files. If you want to relax this to a GID compare,
+; then turn on safe_mode_gid.
+safe_mode_gid = Off
+
 ; When safe_mode is on, only executables located in the safe_mode_exec_dir
 ; will be allowed to be executed via the exec family of functions.
 safe_mode_exec_dir =
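
Review bot: the comment added above safe_mode_gid = Off says the check is relaxed "to a GID compare", which reads as if the GID test replaces the UID test. The patch description says the GID compare is performed only if the UID compare fails, so the comment should say so. It should also state the consequence for an administrator: with the directive On, a script can open any file whose group matches the script's group, whoever owns the file. If the directive has no effect while safe_mode is Off, say that here too.
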
Index: php.ini-optimized
===
RCS file: /repository/php4/php.ini-optimized,v
retrieving revision 1.40
diff -u -r1.40 php.ini-optimized
--- php.ini-optimized   2001/06/24 22:40:41 1.40
+++ php.ini-optimized   2001/07/09 16:23:57
@@ -81,6 +81,10 @@
 
 ; Safe Mode
 safe_mode  =   Off
+safe_mode_gid  =   Off
+ ; By default, Safe Mode does a UID compare
+  
+ ; check when opening files. If you want to
+  
+ ; relax this to a GID compare, then turn on
+  
+ ; safe_mode_gid.
 safe_mode_exec_dir =
 safe_mode_allowed_env_vars = PHP_  ; Setting 
certain environment variables
   
 ; may be a potential security breach.
Index: ext/standard/basic_functions.c
===
RCS file: /repository/php4/ext/standard/basic_functions.c,v
retrieving revision 1.357
diff -u -r1.357 basic_functions.c
--- ext/standard/basic_functions.c  2001/07/09 10:20:40 1.357
+++ ext/standard/basic_functions.c  2001/07/09 16:24:03
@@ -268,6 +268,7 @@
 #endif
 
PHP_FE(getmyuid,   
 NULL)
+   PHP_FE(getmygid,   
+ NULL)
PHP_FE(getmypid,   
 NULL)
PHP_FE(getmyinode, 
 NULL)
PHP_FE(getlastmod, 
 NULL)
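
Review bot: the new PHP_FE(getmygid, NULL) entry needs user-facing documentation that says which GID is meant. The mail describes it as "the GID of the executing script", and the value sits in page_gid next to page_uid under the pageinfo.c globals, so if it is the group of the script file, the documentation should say that explicitly and distinguish it from the group the server process runs as. The two are easy to confuse when someone uses the function to reason about what safe_mode_gid will allow.
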
@@ -846,6 +847,7 @@
BG(mmap_file) = NULL;
 #endif
BG(page_uid) = -1;
+   BG(page_gid) = -1;
BG(page_inode) = -1;
BG(page_mtime) = -1;
 #ifdef HAVE_PUTENV
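
Review bot: BG(page_gid) = -1 uses -1 as a "not looked up yet" marker, the same as page_uid, so the code that consumes it must treat -1 as unknown and refuse the GID match rather than compare it against a file's group. page_gid is declared long in basic_functions.h while the system reports group ids as gid_t, so please check that both sides of the comparison are converted the same way, and add a short comment at the declaration saying what -1 means.
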
Index: ext/standard/basic_functions.h
===
RCS file: /repository/php4/ext/standard/basic_functions.h,v
retrieving revision 1.80
diff -u -r1.80 basic_functions.h
--- ext/standard/basic_functions.h  2001/05/22 19:19:04 1.80
+++ ext/standard/basic_functions.h  2001/07/09 16:24:03
@@ -155,6 +155,7 @@
  
/* pageinfo.c */
long page_uid;
+   long page_gid;
long page_inode;
long page_mtime;
 
Index: ext/standard/pageinfo.c
===
RCS file: /repository/php4/ext/standard/pageinfo.c,v
retrieving revision 1.23
diff -u -r1.23 pageinfo.c
--- ext/standard/pageinfo.c 2001/06/06 13:05:51 1.23
+++ ext/standard/pageinfo.c 2001/07/09 16:24:03
@@ -49,9 +49,1

Re: [PHP-DEV] [patch] safe mode gid check

2001-07-09 Thread Rasmus Lerdorf

Could you recreate this patch against current CVS?
I think it is a good idea, but your patch doesn't work at all against the
current code.

Instructions about getting the code from CVS can be found here:

  http://php.net/anoncvs.php

-Rasmus

On Mon, 9 Jul 2001, James E. Flemer wrote:

> This is a patch against php-4.0.4pl1.
>
> Description:
>   In Safe Mode, when opening files the UID of the script
> owner and the UID of the destination file are compared. In
> some circumstances it is desired that this check be relaxed
> to a GID compare. The attached patch adds a php ini
> directive "safe_mode_gid" (boolean, default: Off). When
> this is On, a GID compare is performed if the UID compare
> fails.
>   Additionally this patch adds a new PHP function
> getmygid(), which returns the GID of the executing script
> (see getmyuid()).
>
> Author:
>   James Flemer <[EMAIL PROTECTED]>
>   CITS / Web Developer
>   The University of Vermont
>
> [ Please CC me in all replies, I am not subscribed to the list. ]
>
> Thanks,
> -James
>






[PHP-DEV] [patch] safe mode gid check

2001-07-09 Thread James E. Flemer

This is a patch against php-4.0.4pl1.

Description:
  In Safe Mode, when opening files the UID of the script
owner and the UID of the destination file are compared. In
some circumstances it is desired that this check be relaxed
to a GID compare. The attached patch adds a php ini
directive "safe_mode_gid" (boolean, default: Off). When
this is On, a GID compare is performed if the UID compare
fails.
  Additionally this patch adds a new PHP function
getmygid(), which returns the GID of the executing script
(see getmyuid()).

Author:
  James Flemer <[EMAIL PROTECTED]>
  CITS / Web Developer
  The University of Vermont

[ Please CC me in all replies, I am not subscribed to the list. ]

Thanks,
-James


--- php-4.0.4pl1/FUNCTION_LIST.txt  2001/07/09 15:11:32 1.1
+++ php-4.0.4pl1/FUNCTION_LIST.txt  2001/07/09 15:10:27
@@ -83,6 +83,7 @@
 
get_current_user
getmyuid
+   getmygid
getmypid
 u  getmyinode
getlastmod
--- php-4.0.4pl1/php.ini-dist   2001/07/09 15:12:08 1.1
+++ php-4.0.4pl1/php.ini-dist   2001/07/09 15:15:27
@@ -90,6 +90,10 @@
 
 ; Safe Mode
 safe_mode  =   Off
+safe_mode_gid  =   Off
+ ; By default, Safe Mode does a UID compare
+  
+ ; check when opening files. If you want to
+  
+ ; relax this to a GID compare, then turn on
+  
+ ; safe_mode_gid.
 safe_mode_exec_dir =
 safe_mode_allowed_env_vars = PHP_  ; Setting 
certain environment variables
   
 ; may be a potential security breach.
--- php-4.0.4pl1/php.ini-optimized  2001/07/09 15:12:11 1.1
+++ php-4.0.4pl1/php.ini-optimized  2001/07/09 15:15:37
@@ -77,6 +77,10 @@
 
 ; Safe Mode
 safe_mode  =   Off
+safe_mode_gid  =   Off
+ ; By default, Safe Mode does a UID compare
+  
+ ; check when opening files. If you want to
+  
+ ; relax this to a GID compare, then turn on
+  
+ ; safe_mode_gid.
 safe_mode_exec_dir =
 safe_mode_allowed_env_vars = PHP_  ; Setting 
certain environment variables
   
 ; may be a potential security breach.
--- php-4.0.4pl1/main/main.c2001/07/08 20:53:18 1.1
+++ php-4.0.4pl1/main/main.c2001/07/09 00:27:42
@@ -228,6 +228,7 @@
STD_PHP_INI_BOOLEAN("register_argc_argv",   "1",PHP_INI_ALL,   
 OnUpdateBool,   register_argc_argv, 
php_core_globals,   core_globals)
STD_PHP_INI_BOOLEAN("register_globals", "1",PHP_INI_ALL,   
 OnUpdateBool,   register_globals,   
php_core_globals,   core_globals)
STD_PHP_INI_BOOLEAN("safe_mode","0",
PHP_INI_SYSTEM, OnUpdateBool,   safe_mode, 
 php_core_globals,   core_globals)
+   STD_PHP_INI_BOOLEAN("safe_mode_gid","0",
+PHP_INI_SYSTEM, OnUpdateBool,   safe_mode_gid,
+  php_core_globals,   core_globals)
STD_PHP_INI_BOOLEAN("short_open_tag",   "1",
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateBool,   short_tags,
 zend_compiler_globals,  compiler_globals)
STD_PHP_INI_BOOLEAN("sql.safe_mode","0",
PHP_INI_SYSTEM, OnUpdateBool,   sql_safe_mode, 
 php_core_globals,   core_globals)
STD_PHP_INI_BOOLEAN("track_errors", "0",
PHP_INI_ALL,OnUpdateBool,   track_errors,  
 php_core_globals,   core_globals)
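
Review bot: please add a one-line comment on the safe_mode_gid entry saying its scope must stay PHP_INI_SYSTEM. It matches safe_mode today, which is correct, but the neighbouring entries in this table use PHP_INI_ALL and PHP_INI_SYSTEM|PHP_INI_PERDIR, and if this one were ever widened to either, a script owner could switch the GID fallback on for their own scripts and the directive would stop being an administrator decision.
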
--- php-4.0.4pl1/main/php_globals.h 2001/07/08 20:53:18 1.1
+++ php-4.0.4pl1/main/php_globals.h 2001/07/09 00:17:38
@@ -63,6 +63,7 @@
zend_bool implicit_flush;
 
zend_bool safe_mode;
+   zend_bool safe_mode_gid;
zend_bool sql_safe_mode;
zend_bool enable_dl;
 
--- php-4
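
The check set out in the description above (UID compare first, GID compare only when that fails and safe_mode_gid is On), written out as an added C example. It is not PHP's code and not part of the patch; the names owner_check and scenario, and the choice to deny when an id is still -1, are assumptions made for the illustration.

```c
/* Added illustration (not PHP source): the Safe Mode owner check as the
 * patch description states it. All names here are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define ID_UNKNOWN (-1L) /* value the patch assigns to page_uid/page_gid */

enum verdict { DENY = 0, ALLOW_UID = 1, ALLOW_GID = 2 };

/* script_uid/script_gid: owner and group of the script file.
 * gid_fallback: value of the safe_mode_gid directive (0 = Off).
 * Assumption: an id still at ID_UNKNOWN never matches anything. */
enum verdict owner_check(long script_uid, long script_gid,
                         const char *target, int gid_fallback)
{
    struct stat sb;

    if (stat(target, &sb) != 0)
        return DENY;                  /* cannot inspect target: fail closed */
    if (script_uid != ID_UNKNOWN && (long)sb.st_uid == script_uid)
        return ALLOW_UID;             /* the UID compare always runs first */
    if (gid_fallback && script_gid != ID_UNKNOWN &&
        (long)sb.st_gid == script_gid)
        return ALLOW_GID;             /* reached only after the UID compare failed */
    return DENY;
}

/* Constructed scenario: derive the "script" ids from the target itself so
 * the result does not depend on which account runs the demo. */
enum verdict scenario(const char *target, int same_uid, int same_gid,
                      int gid_fallback)
{
    struct stat sb;
    if (stat(target, &sb) != 0)
        return DENY;
    return owner_check((long)sb.st_uid + (same_uid ? 0 : 1),
                       (long)sb.st_gid + (same_gid ? 0 : 1),
                       target, gid_fallback);
}

int main(void)
{
    static const char *name[] = { "deny", "allow (uid)", "allow (gid)" };
    printf("same uid:                %s\n", name[scenario("/", 1, 0, 0)]);
    printf("same gid, directive off: %s\n", name[scenario("/", 0, 1, 0)]);
    printf("same gid, directive on:  %s\n", name[scenario("/", 0, 1, 1)]);
    printf("neither, directive on:   %s\n", name[scenario("/", 0, 0, 1)]);
    return 0;
}
```

The third case is the one the directive changes: a file owned by a different user but sharing the script's group goes from denied to allowed.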