ID: 27364 Updated by: [EMAIL PROTECTED] Reported By: support at nfrance dot com -Status: Open +Status: Bogus Bug Type: *Directory/Filesystem functions Operating System: OpenBSD/FreeBSD PHP Version: Irrelevant New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Thank you for your interest in PHP. I cannot verify this problem on Linux and it could not be verified on FreeBSD 4.9 by the people I've asked. The only reason I would imagine this would happen is if your OS would refuse to allow PHP to stat the directory where the file is located. Previous Comments: ------------------------------------------------------------------------ [2004-02-23 10:36:39] support at nfrance dot com Description: ------------ When changing permissions on a directory safe mode restrictions for php scripts in this directory can be bypassed When directory in chmod 755 safe mode works as exepted, bot not anymore in chmod 751 (note that php run as apache module ans /etc/passwd is of course not owned by the same user as apache is running) This has been seen on 3 differents servers, 2 with OpenBSD and one with FreeBSD Tested with PHP 4.2.2 with follonwing configure commands : './configure' '--enable-safe-mode' '--enable-memory-limit' '--with-pgsql=/usr/local/pgsql/' '--with- mysql=/usr/local' '--with-imagic' '--enable-track-vars' '--with-imap=/usr/local/src/imap-2001a' '--with- gd=/usr/local' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-t1lib' '--with-ttf' '-- enable-magic-quotes' '--enable-roxen-zts' '--enable-ftp' '--enable-calendar' '--with-gdbm' '-- enable-zlib=/usr' '--with-gettext' '--with-xml' '--with-dom' '--with-zlib-dir=/usr' '--enable-bcmath' '--with-apache=/usr/local/src/apache_1.3.27' Tested again after having upgraded to PHP 4.3.4 (and having upgraded apache too) with a clean php.ini and the bug is still active However, we've tested on others FreeBSD servers with the same PHP version without any problem. Of course configuration was different ont those servers, but it is not normal that safe mode can be bypassed so easily whatever the environment. Please advise ! Reproduce code: --------------- <? $fp = fopen("/etc/passwd","r"); $data = fgets($fp,255); echo "$data<BR>"; fclose($fp); ?> (bug has been see with readfile() too) Expected result: ---------------- Current directory permissions : drwxr-xr-x 2 fred fred 512 Feb 17 10:58 . Result : Warning: SAFE MODE Restriction in effect. The script whose uid is 1003 is not allowed to access /etc/passwd owned by uid 0 in /home/fred/ test/etcpasswd.php on line 3 Warning: fopen("/etc/passwd", "r") - Inappropriate ioctl for device in /home/fred/test/etcpasswd.php on line 3 Warning: fgets(): supplied argument is not a valid File-Handle resource in /home/fred/test/etcpasswd.php on line 5 Warning: fclose(): supplied argument is not a valid File-Handle resource in /home/fred/test/etcpasswd.php on line 9 Actual result: -------------- Current directory permissions (noting else changed) : drwxr-x--x 2 fred fred 512 Feb 17 10:58 . Result : # $FreeBSD: src/etc/master.passwd,v 1.25.2.5 2002/02/10 11:43:37 obrien Exp $ ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=27364&edit=1
