ID: 42291 User updated by: rob-phpbugs at tigertech dot com Reported By: rob-phpbugs at tigertech dot com Status: Open Bug Type: Filesystem function related Operating System: Linux -PHP Version: 4.4.7 +PHP Version: 5.2.4 New Comment:
I fear this bug could be ignored because I tagged it as happening on PHP 4. Just to make sure it's clear, I'm retagging it as happening in PHP 5.2.4 -- it affects all versions. Previous Comments: ------------------------------------------------------------------------ [2007-11-04 17:16:19] marcel dot wiechmann at gmail dot com Same problem here. But not only under php 4.4.7 also under php 5.2.4 ------------------------------------------------------------------------ [2007-11-04 15:51:26] chh at innov8 dot ch I can confirm this behaviour. If "upload_tmp_dir" is on the same filesystem as the destination folder (normally the webspace of the customer(s) then the file permissions are set to 0600 - otherwise 0644 (umask at 0022), when using move_uploaded_file(). The temp file - before calling move_uploaded_file() - also has 0600 permissions. This leads to a problem when using suphp (suexec, fastcgi or whatever) and upload-functions in php applications which do not set the permissions after using move_uploaded_file() [Joomla seems to be such a candidate - Typo3 does it right..]. If you upload a static file which should be readable by the webserver but isn't because only PHP (and other user running applications) can access the file. All Upload functions should use a chmod() after move_uploded_file()... ------------------------------------------------------------------------ [2007-08-14 03:50:47] rob-phpbugs at tigertech dot com Description: ------------ On all current PHP versions, move_uploaded_file() creates a destination file that is either mode 0600 or 0644 (on Linux, anyway), depending on whether move_uploaded_file() needed to copy the file across filesystems. If the file can be moved (renamed), then the resulting file is mode 0600, because the file was originally created with mkstemp. If the file needs to be copied, the resulting mode is 0644 instead (assuming a "normal" umask of 022). This behavior appears (to the script author who isn't familiar with how move_uploaded_file works internally) inconsistent and surprising, and is undocumented. Expected result: ---------------- Permissions given to uploaded files should be consistent, depending only on the umask setting. In other words, if I pass move_uploaded_file() the same parameters with the same umask value, I would expect to see the same resulting permissions, regardless of whether PHP's temporary file location happens to be on the same file system as the final destination. One could argue that a script author should be aware of this behavior, and should therefore find out whether the temporary location is on the same file system and plan for the resulting behavior. However, that doesn't seem practical. First of all, the current behavior isn't documented, so few people are aware of it. Secondly, the file system that is used for temporary files may be out of the script author's control, and may change without his or her knowledge (especially in a shared hosting environment, etc.) This could have security implications: Uploaded files that used to be given mode 0600 and were therefore considered "secure" because the script author thought that's "just how PHP works" will suddenly start getting mode 0644 if the server admin moves /tmp to a dedicated partition, for example. Making the behavior consistent (one way or the other) would avoid confusion. If the behavior can't be made consistent, it would be good to document the current behavior so that authors know that relying on the mode is not safe. Actual result: -------------- Permissions are set to either 0600 or 0644 depending on filesystem configuration. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42291&edit=1