Bug #53398 [Opn]: Latest open_basedir() changes break accessing files in subdirs

Wed, 24 Nov 2010 07:10:37 -0800 

Edit report at http://bugs.php.net/bug.php?id=53398&edit=1

 ID:                 53398
 User updated by:    info at glsys dot eu
 Reported by:        info at glsys dot eu
 Summary:            Latest open_basedir() changes break accessing files
                     in subdirs
 Status:             Open
 Type:               Bug
-Package:            Security related
+Package:            Safe Mode/open_basedir
 Operating System:   Debian
 PHP Version:        5.3.3
 Block user comment: N
 Private report:     N

 New Comment:

Sorry :D

Changed from Security to Safe Mode/open_basedir... :D



Swifty


Previous Comments:
------------------------------------------------------------------------
[2010-11-24 16:01:43] info at glsys dot eu

Description:
------------
Hi!



Real PHP version: Debian unstable 5.3.3-4

Apache2: Debian 2.2.16-4 mpm-prefork

Safe_mode: off





As the changelog says:

+ possible flaw in open_basedir (CVE-2010-3436)



After this upgrade I can not include/open files if they are in an
open_basedir subdirectory.



One more interesting thing:



My Virtualhost system is located under /data/www.

I had a symlink at /var/www pointing to /data/www.



After this upgrade the I had issues whit open_basedir if I used
/var/www.



Maybe it is related to the subdir issue.



Swifty

Actual result:
--------------
[Wed Nov 24 15:04:44 2010] [error] [client w.x.y.z] PHP Warning: 
Unknown: open_basedir restriction in effect.
File(/data/www/include/modules/img.php) is not within the allowed
path(s):
(/data/www/!Admin/:/data/www/!Error/:/data/www/include/:/data/www/sites/some.domain/)
in Unknown on line 0, referer: http://some.domain/index.php

[Wed Nov 24 15:04:44 2010] [error] [client w.x.y.z] PHP Warning: 
Unknown: failed to open stream: Operation not permitted in Unknown on
line 0, referer: http://some.domain/index.php

[Wed Nov 24 15:04:44 2010] [error] [client w.x.y.z] PHP Fatal error: 
Unknown: Failed opening required '/var/www/include/modules/img.php'
(include_path='.:/usr/share/php:/data/www/include') in Unknown on line
0, referer: http://some.domain/index.php



[Wed Nov 24 15:06:05 2010] [error] [client w.x.y.z] PHP Warning: 
filemtime() [http://www.php.net/en/manual/function.filemtime.php]: stat
failed for /data/www/sites/some.domain/modules/img.php in
/data/www/include/modules/ob.cache.php on line 28, referer:
http://some.domain/index.php




------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53398&edit=1

Reply via email to