ID: 15928
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Closed
Bug Type: PHP options/info functions
Operating System: AIX
PHP Version: 4.1.2
New Comment:
I didn't say "release" but RC, which means "release candidate".
Derick
Previous Comments:
------------------------------------------------------------------------
[2002-03-19 03:16:03] [EMAIL PROTECTED]
Sorry, since we were running php 4.1.1 still yesterday
I was not aware that Sander meant that the bug was
fixed in CVS. Since you announced the new release
for tomorrow, I'll wait and try it out.
Thanks Roberto
------------------------------------------------------------------------
[2002-03-19 03:07:13] [EMAIL PROTECTED]
I think Sander meant it's fixed in CVS. Can you try a snapshot from
snaps.php.net, or wait for 4.2.0RC1, which will be rolled tomorrow?
Derick
------------------------------------------------------------------------
[2002-03-19 03:04:45] [EMAIL PROTECTED]
Sorry, but in fact the bug still persists in php 4.1.2
a php script owned by uid=xxx is able to upload
files to a directory owned by uid=yyy in safe_mode.
Please reopen this bug.
------------------------------------------------------------------------
[2002-03-17 12:35:33] [EMAIL PROTECTED]
This is already implemented.
------------------------------------------------------------------------
[2002-03-07 06:15:09] [EMAIL PROTECTED]
Security issue in move_uploaded_file() while in safe-mode
We have different web-sites running on our server. Each of them
may prepare a directory in which files may be written using php-upload
and move_uploaded_file(). Our webserver runs with
safe-mode-restriction.
The documentations says, as mentioned, that this is not unsafe.
Note: move_uploaded_file() is not affected by the normal
safe-mode UID-restrictions. This is not unsafe
because
move_uploaded_file() only operates on files
uploaded via PHP.
In fact, it is. If I know a directory of another website which
allows to upload files via php, I'll be able to write a file to this
location,
offering an upload-script on my website. I could on this way put
offending files in someone elses website, who probably protectet his
php-upload-script with .htaccess.
I would suggest that move_uploaded_file() should be modified that
way, that files may only be moved to directories whose owner is the
same as the upload-script while safe-mode restriction applies.
This approach would guarantee that nobody else as the people who
offers an upload-script will be able to put files in the owners
webspace.
After such a modification move_uploaded_file() will be really safe. At
present, it's not. It allows to skip safe-mode-restriction.
Kind regards and thanks for any feedback
Roberto
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=15928&edit=1
