 ID:               37273
 Updated by:       [EMAIL PROTECTED]
 Reported By:      c dot i dot morris at durham dot ac dot uk
-Status:           Assigned
+Status:           Closed
 Bug Type:         Session related
 Operating System: Linux
 PHP Version:      5.1.3
 Assigned To:      iliaa
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2007-08-20 10:37:11] [EMAIL PROTECTED]

Ilia, is this fixed or not? :)

------------------------------------------------------------------------

[2007-08-20 10:19:34] [EMAIL PROTECTED]

Security vulnerability should be better fixed in source than
documented.

------------------------------------------------------------------------

[2006-07-27 11:41:42] a dot d dot stribblehill at durham dot ac dot uk

This is *not* a documentation bug: as the original report says, it is a
security vulnerability -- one that can and should be fixed in the code.

------------------------------------------------------------------------

[2006-07-27 01:34:11] [EMAIL PROTECTED]

Reclassified. Ilia will give more info for whoever is going to
document this.

------------------------------------------------------------------------

[2006-06-16 14:32:37] c dot i dot morris at durham dot ac dot uk

For a possible solution to this, in ext/session/mod_files.c, the
ps_files_open function has:

    data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);

On systems that support O_NOFOLLOW (FreeBSD, Linux>=2.2, maybe others)
you can probably do

    data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);

which will cause this open to fail (with error ELOOP) if the session
file is a symlink rather than a regular file.

On systems that don't support O_NOFOLLOW, stat()ing the file and making
sure the file mode isn't S_IFLNK should do it.

Would you like me to try to put together a patch for this?

------------------------------------------------------------------------

The remainder of the comments for this report are too long.
To view the rest of the comments, please view the bug report online at
http://bugs.php.net/37273
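
The O_NOFOLLOW open and the stat-based fallback from the 2006-06-16 comment, as an added example that is not part of the bug report or of PHP's source. The names open_session_file and symlink_demo are hypothetical, the fallback uses lstat() (stat() follows links) plus an fstat() re-check on the descriptor, and the test paths are constructed under /tmp.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not PHP's ps_files_open): returns an fd, or -1 with
   errno set (ELOOP on Linux) when the session file path is a symlink. */
int open_session_file(const char *path, mode_t mode)
{
#ifdef O_NOFOLLOW
    return open(path, O_CREAT | O_RDWR | O_NOFOLLOW, mode);
#else
    struct stat before, after;
    int existed = (lstat(path, &before) == 0); /* lstat: stat() follows links */
    if (existed && S_ISLNK(before.st_mode)) { errno = ELOOP; return -1; }
    /* O_CREAT|O_EXCL never follows a link, so creating a new file is safe. */
    int fd = open(path, existed ? O_RDWR : (O_CREAT | O_EXCL | O_RDWR), mode);
    if (fd < 0) return -1;
    /* Re-check on the descriptor: the path may have been swapped after lstat(). */
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) || (existed &&
        (before.st_dev != after.st_dev || before.st_ino != after.st_ino))) {
        close(fd); errno = ELOOP; return -1;
    }
    return fd;
#endif
}

/* Constructed scenario: a symlink sits where a session file would be opened.
   Returns 0 when the regular file opens and the link is refused with ELOOP. */
int symlink_demo(void)
{
    char dir[] = "/tmp/sessdemoXXXXXX", plain[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(plain, sizeof plain, "%s/sess_plain", dir);
    snprintf(lnk, sizeof lnk, "%s/sess_link", dir);
    int fd_plain = open_session_file(plain, 0600);  /* regular file: opens */
    if (symlink(plain, lnk) != 0) return -1;
    int fd_link = open_session_file(lnk, 0600);     /* symlink: refused */
    int ok = (fd_plain >= 0 && fd_link == -1 && errno == ELOOP);
    if (fd_plain >= 0) close(fd_plain);
    if (fd_link >= 0) close(fd_link);
    unlink(lnk); unlink(plain); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return symlink_demo(); }
```

O_NOFOLLOW only checks the final path component, so the directory holding the session files still has to be one that other local users cannot rename or replace.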