Bug #16360 Updated: Segmentation fault in Array functions
ID: 16360
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Scripting Engine problem
Operating System: Linux, Windows
PHP Version: 4.0CVS-2002-03-3
New Comment:
After applying the patch above, my Apache segfaults on scripts which
ran fine before or just prints "Unsupported operand types in Unknown on
line 0". Using PHP 4.2.0RC1.
Previous Comments:
[2002-03-31 12:21:32] [EMAIL PROTECTED]
Increasing the refcount width from short to long doesn't
solve the issue. A strict upper limit test is badly needed
to check whether the refcounter can be increased in the
given limit or not.
I suggest to throw a memory exhausted error with a hint
that no more reference counters could be allocated.
[2002-03-31 05:06:08] [EMAIL PROTECTED]
This should be refcount issue.
Change _zval_struct's refcount data type from unsingned short to
unsinged int, then PHP should be fine upto 4G.
Without patch refcount can be upto 64K and no error check
is done -> segfualts.
ZE2 is changed to use unsinged int already. IIRC.
Index: Zend/zend.h
===
RCS file: /repository/Zend/zend.h,v
retrieving revision 1.152
diff -u -r1.152 zend.h
--- Zend/zend.h 15 Mar 2002 04:33:05 - 1.152
+++ Zend/zend.h 31 Mar 2002 10:03:41 -
@@ -209,9 +209,9 @@
struct _zval_struct {
/* Variable information */
zvalue_value value; /* value */
+ zend_uint refcount;
zend_uchar type;/* active type */
zend_uchar is_ref;
- zend_ushort refcount;
};
[2002-03-31 03:26:00] [EMAIL PROTECTED]
I did the same test on my machine (Linux 2.4.18, PHP 4.1.2
CGI-Version).
My php.ini looks like this:
memory_limit = 8M
log_errors = On
error_log = syslog
When I run the test routine nothing appears in my syslog and I get the
segfault.
[2002-03-30 10:36:36] [EMAIL PROTECTED]
found two machines that are not affected by this bug:
http://phpzone.de/info/
http://angela.nettrade.de/info.php
[2002-03-30 10:24:59] [EMAIL PROTECTED]
fixed the summary
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/16360
--
Edit this bug report at http://bugs.php.net/?id=16360&edit=1
Bug #16360 Updated: Segmentation fault in Array functions
ID: 16360
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Scripting Engine problem
Operating System: Linux, Windows
PHP Version: 4.0CVS-2002-03-3
New Comment:
Please give me a hint how to locate the line, for I don't know :-)
I'm using the Zend Optimizer in addition, nothing else.
Previous Comments:
[2002-03-31 20:56:36] [EMAIL PROTECTED]
wolfram,
Could you locate which line is causing following error?
"Unsupported operand types in Unknown on line 0"
I don't get this error message with my applicatins.
Are you using any cache products?
[2002-03-31 12:42:45] [EMAIL PROTECTED]
After applying the patch above, my Apache segfaults on scripts which
ran fine before or just prints "Unsupported operand types in Unknown on
line 0". Using PHP 4.2.0RC1.
[2002-03-31 12:21:32] [EMAIL PROTECTED]
Increasing the refcount width from short to long doesn't
solve the issue. A strict upper limit test is badly needed
to check whether the refcounter can be increased in the
given limit or not.
I suggest to throw a memory exhausted error with a hint
that no more reference counters could be allocated.
[2002-03-31 05:06:08] [EMAIL PROTECTED]
This should be refcount issue.
Change _zval_struct's refcount data type from unsingned short to
unsinged int, then PHP should be fine upto 4G.
Without patch refcount can be upto 64K and no error check
is done -> segfualts.
ZE2 is changed to use unsinged int already. IIRC.
Index: Zend/zend.h
===
RCS file: /repository/Zend/zend.h,v
retrieving revision 1.152
diff -u -r1.152 zend.h
--- Zend/zend.h 15 Mar 2002 04:33:05 - 1.152
+++ Zend/zend.h 31 Mar 2002 10:03:41 -
@@ -209,9 +209,9 @@
struct _zval_struct {
/* Variable information */
zvalue_value value; /* value */
+ zend_uint refcount;
zend_uchar type;/* active type */
zend_uchar is_ref;
- zend_ushort refcount;
};
[2002-03-31 03:26:00] [EMAIL PROTECTED]
I did the same test on my machine (Linux 2.4.18, PHP 4.1.2
CGI-Version).
My php.ini looks like this:
memory_limit = 8M
log_errors = On
error_log = syslog
When I run the test routine nothing appears in my syslog and I get the
segfault.
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/16360
--
Edit this bug report at http://bugs.php.net/?id=16360&edit=1
Bug #16360 Updated: Segmentation fault in Array functions
ID: 16360 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Analyzed Bug Type: Scripting Engine problem Operating System: Linux, Windows PHP Version: 4.0CVS-2002-03-3 New Comment: Ok, ZendOptimizer disabled, patch works as expected. Any patch like the one Joerg suggested in sight? Previous Comments: [2002-04-01 01:32:52] [EMAIL PROTECTED] When you report error. Disable Zend Optimizer _ALWAYS_. We don't support ZendOptimizer and it's waste of time for both of us. Zend optimizer probably does not work with the patch. To locate line, use die(). [2002-03-31 21:44:32] [EMAIL PROTECTED] Please give me a hint how to locate the line, for I don't know :-) I'm using the Zend Optimizer in addition, nothing else. [2002-03-31 20:56:36] [EMAIL PROTECTED] wolfram, Could you locate which line is causing following error? "Unsupported operand types in Unknown on line 0" I don't get this error message with my applicatins. Are you using any cache products? [2002-03-31 12:42:45] [EMAIL PROTECTED] After applying the patch above, my Apache segfaults on scripts which ran fine before or just prints "Unsupported operand types in Unknown on line 0". Using PHP 4.2.0RC1. [2002-03-31 12:21:32] [EMAIL PROTECTED] Increasing the refcount width from short to long doesn't solve the issue. A strict upper limit test is badly needed to check whether the refcounter can be increased in the given limit or not. I suggest to throw a memory exhausted error with a hint that no more reference counters could be allocated. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/16360 -- Edit this bug report at http://bugs.php.net/?id=16360&edit=1
Bug #16360 Updated: Segmentation fault in Array functions
ID: 16360 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Analyzed Bug Type: Scripting Engine problem Operating System: Linux, Windows PHP Version: 4.0CVS-2002-03-3 New Comment: why not? Previous Comments: [2002-04-01 21:58:51] [EMAIL PROTECTED] My personaly preference is "result must be correct always, if not raise error", but it's not the case under PHP, unfortunately. [2002-04-01 09:00:25] [EMAIL PROTECTED] Ok, ZendOptimizer disabled, patch works as expected. Any patch like the one Joerg suggested in sight? [2002-04-01 01:32:52] [EMAIL PROTECTED] When you report error. Disable Zend Optimizer _ALWAYS_. We don't support ZendOptimizer and it's waste of time for both of us. Zend optimizer probably does not work with the patch. To locate line, use die(). [2002-03-31 21:44:32] [EMAIL PROTECTED] Please give me a hint how to locate the line, for I don't know :-) I'm using the Zend Optimizer in addition, nothing else. [2002-03-31 20:56:36] [EMAIL PROTECTED] wolfram, Could you locate which line is causing following error? "Unsupported operand types in Unknown on line 0" I don't get this error message with my applicatins. Are you using any cache products? The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/16360 -- Edit this bug report at http://bugs.php.net/?id=16360&edit=1
#34656 [NoF->Opn]: open_basedir restriction in effect although paths are set correctly
ID: 34656 User updated by: wolfram at schlich dot org Reported By: wolfram at schlich dot org -Status: No Feedback +Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 -PHP Version: 4.4.0 +PHP Version: 4.4.1 New Comment: Just tried with the freshly released 4.4.1, without luck: --8<-- Warning: fopen(): open_basedir restriction in effect. File(/tmp/foo.bar) is not within the allowed path(s): (/home/sites/site81/:/tmp/:/usr/share/pear/) in /home/sites/site81/web/fopen.php on line 3 Warning: fopen(/tmp/foo.bar): failed to open stream: Operation not permitted in /home/sites/site81/web/fopen.php on line 3 --8<-- --8<--[ access.conf ]--8<-- php_admin_value open_basedir /home/sites/site81/:/tmp/:/usr/share/pear/ --8<-- Previous Comments: [2005-10-05 01:00:09] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". [2005-09-27 19:53:27] [EMAIL PROTECTED] Give feedback when you have some.. ---- [2005-09-27 19:47:49] wolfram at schlich dot org thanks! will do. [2005-09-27 19:27:01] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Something related to open_basedir and the paths was just fixed. Give it an hour or two. ---- [2005-09-27 19:24:09] wolfram at schlich dot org sorry, I cannot use anything other than php4 on that machines. they are used for webhosting, the customers depend on php4. thanks. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34656 -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1
#34656 [NoF->Opn]: open_basedir restriction in effect although paths are set correctly
ID: 34656 User updated by: wolfram at schlich dot org Reported By: wolfram at schlich dot org -Status: No Feedback +Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.1 New Comment: just tried http://snaps.php.net/php4-STABLE-200511251208.tar.gz with open_basedir in php.ini -- no luck: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/tmp/) in /home/sites/site15/web/write_tmp.php on line 3 Previous Comments: [2005-11-09 01:00:02] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". [2005-11-01 22:34:00] [EMAIL PROTECTED] Does it work if you set the open_basedir in php.ini ? [2005-11-01 15:01:35] wolfram at schlich dot org Just tried with the freshly released 4.4.1, without luck: --8<-- Warning: fopen(): open_basedir restriction in effect. File(/tmp/foo.bar) is not within the allowed path(s): (/home/sites/site81/:/tmp/:/usr/share/pear/) in /home/sites/site81/web/fopen.php on line 3 Warning: fopen(/tmp/foo.bar): failed to open stream: Operation not permitted in /home/sites/site81/web/fopen.php on line 3 --8<-- --8<--[ access.conf ]--8<-- php_admin_value open_basedir /home/sites/site81/:/tmp/:/usr/share/pear/ --8<-- [2005-09-27 19:27:01] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Something related to open_basedir and the paths was just fixed. Give it an hour or two. ---- [2005-09-27 12:44:53] wolfram at schlich dot org Description: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 3 Warning: fopen(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 4 Warning: fopen(/tmp/f5_test): failed to open stream: Operation not permitted in /home/sites/site15/web/write_tmp.php on line 4 Warning: fwrite(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 5 Warning: fclose(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 6 Reproduce code: --- --8<--[ write_tmp.php ]--8<-- --8<--[ httpd.conf ]--8<-- ## doesn't work php_admin_value open_basedir /home/sites/site15/:/tmp ## also doesn't work # php_admin_value open_basedir / ## works, but is not what's desired # php_admin_value open_basedir none --8<-- Also tried to set open_basedir within the VirtualHost, didn' t work either. Expected result: no errors Actual result: -- open_basedir errors -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1
#34656 [Opn]: open_basedir restriction in effect although paths are set correctly
ID: 34656 User updated by: wolfram at schlich dot org Reported By: wolfram at schlich dot org Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.1 New Comment: Do you need more information? Previous Comments: [2005-11-25 13:27:23] wolfram at schlich dot org just tried http://snaps.php.net/php4-STABLE-200511251208.tar.gz with open_basedir in php.ini -- no luck: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/tmp/) in /home/sites/site15/web/write_tmp.php on line 3 [2005-11-01 22:34:00] [EMAIL PROTECTED] Does it work if you set the open_basedir in php.ini ? [2005-11-01 15:01:35] wolfram at schlich dot org Just tried with the freshly released 4.4.1, without luck: --8<-- Warning: fopen(): open_basedir restriction in effect. File(/tmp/foo.bar) is not within the allowed path(s): (/home/sites/site81/:/tmp/:/usr/share/pear/) in /home/sites/site81/web/fopen.php on line 3 Warning: fopen(/tmp/foo.bar): failed to open stream: Operation not permitted in /home/sites/site81/web/fopen.php on line 3 --8<-- --8<--[ access.conf ]--8<-- php_admin_value open_basedir /home/sites/site81/:/tmp/:/usr/share/pear/ --8<-- [2005-09-27 12:44:53] wolfram at schlich dot org Description: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 3 Warning: fopen(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 4 Warning: fopen(/tmp/f5_test): failed to open stream: Operation not permitted in /home/sites/site15/web/write_tmp.php on line 4 Warning: fwrite(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 5 Warning: fclose(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 6 Reproduce code: --- --8<--[ write_tmp.php ]--8<-- --8<--[ httpd.conf ]--8<-- ## doesn't work php_admin_value open_basedir /home/sites/site15/:/tmp ## also doesn't work # php_admin_value open_basedir / ## works, but is not what's desired # php_admin_value open_basedir none --8<-- Also tried to set open_basedir within the VirtualHost, didn' t work either. Expected result: no errors Actual result: -- open_basedir errors -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1
#34656 [Fbk->Opn]: open_basedir restriction in effect although paths are set correctly
ID: 34656 User updated by: wolfram at schlich dot org Reported By: wolfram at schlich dot org -Status: Feedback +Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.1 New Comment: Unfortunately it's impossible to use any other version of PHP than 4.x on this machine :-( Previous Comments: [2005-12-13 17:41:53] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.1-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.1-win32-latest.zip [2005-11-30 15:02:53] wolfram at schlich dot org Do you need more information? [2005-11-25 13:27:23] wolfram at schlich dot org just tried http://snaps.php.net/php4-STABLE-200511251208.tar.gz with open_basedir in php.ini -- no luck: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/tmp/) in /home/sites/site15/web/write_tmp.php on line 3 [2005-11-01 22:34:00] [EMAIL PROTECTED] Does it work if you set the open_basedir in php.ini ? [2005-11-01 15:01:35] wolfram at schlich dot org Just tried with the freshly released 4.4.1, without luck: --8<-- Warning: fopen(): open_basedir restriction in effect. File(/tmp/foo.bar) is not within the allowed path(s): (/home/sites/site81/:/tmp/:/usr/share/pear/) in /home/sites/site81/web/fopen.php on line 3 Warning: fopen(/tmp/foo.bar): failed to open stream: Operation not permitted in /home/sites/site81/web/fopen.php on line 3 --8<-- --8<--[ access.conf ]--8<-- php_admin_value open_basedir /home/sites/site81/:/tmp/:/usr/share/pear/ --8<-- The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34656 -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1
#34656 [Fbk->Opn]: open_basedir restriction in effect although paths are set correctly
ID: 34656 User updated by: wolfram at schlich dot org Reported By: wolfram at schlich dot org -Status: Feedback +Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.1 New Comment: I cannot even try it. Previous Comments: [2005-12-13 20:16:22] [EMAIL PROTECTED] I didn't ask you to permanently install it, I only asked you to TRY it out and see if you can reproduce it. [2005-12-13 18:00:44] wolfram at schlich dot org Unfortunately it's impossible to use any other version of PHP than 4.x on this machine :-( [2005-12-13 17:41:53] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.1-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.1-win32-latest.zip [2005-11-30 15:02:53] wolfram at schlich dot org Do you need more information? [2005-11-25 13:27:23] wolfram at schlich dot org just tried http://snaps.php.net/php4-STABLE-200511251208.tar.gz with open_basedir in php.ini -- no luck: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/tmp/) in /home/sites/site15/web/write_tmp.php on line 3 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34656 -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1
#34050 [NEW]: safe_mode_include_dir isn't honored
From: wolfram at schlich dot org
Operating system: Linux 2.6.12-gentoo-r4 x86_64
PHP version: 5CVS-2005-08-09 (dev)
PHP Bug Type: Safe Mode/open_basedir
Bug description: safe_mode_include_dir isn't honored
Description:
when safe_mode is active, I want to be able to include files from certain
directories without checking for their UID/GID.
Reproduce code:
---
--8<--[ php.ini ]--8<--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = "/usr/share/php/:/usr/lib/php/"
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8<--[ apache vhost config ]--8<--
php_value include_path ".:/usr/share/php:/usr/lib/php"
--8<--[ sample php script ]--8<--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8<--
Expected result:
included file, no error message.
Actual result:
--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19
--
Edit bug report at http://bugs.php.net/?id=34050&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=34050&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=34050&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=34050&r=trysnapshot51
Fixed in CVS:http://bugs.php.net/fix.php?id=34050&r=fixedcvs
Fixed in release:http://bugs.php.net/fix.php?id=34050&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=34050&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=34050&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=34050&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=34050&r=support
Expected behavior: http://bugs.php.net/fix.php?id=34050&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=34050&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=34050&r=submittedtwice
register_globals:http://bugs.php.net/fix.php?id=34050&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=34050&r=php3
Daylight Savings:http://bugs.php.net/fix.php?id=34050&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=34050&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=34050&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=34050&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=34050&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=34050&r=mysqlcfg
#34050 [Bgs->Opn]: safe_mode_include_dir isn't honored
ID: 34050
User updated by: wolfram at schlich dot org
Reported By: wolfram at schlich dot org
-Status: Bogus
+Status: Open
Bug Type: Safe Mode/open_basedir
Operating System: Linux 2.6.12-gentoo-r4 x86_64
PHP Version: 5CVS-2005-08-09 (dev)
New Comment:
then the comment above safe_mode_include_dir is silly:
; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
it says "UID/GID checks are bypassed", so why should I enable
safe_mod_gid then?
I even tried that, result:
--8<--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid/gid is 667/888 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid/gid 0/0 in
/home/wschlich/public_html/smartytest/class.MySmarty.inc.php on line
27
--8<--
Previous Comments:
[2005-08-09 18:09:19] [EMAIL PROTECTED]
; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
[2005-08-09 16:56:52] wolfram at schlich dot org
Description:
when safe_mode is active, I want to be able to include files from
certain directories without checking for their UID/GID.
Reproduce code:
---
--8<--[ php.ini ]--8<--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = "/usr/share/php/:/usr/lib/php/"
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8<--[ apache vhost config ]--8<--
php_value include_path ".:/usr/share/php:/usr/lib/php"
--8<--[ sample php script ]--8<--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8<--
Expected result:
included file, no error message.
Actual result:
--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19
--
Edit this bug report at http://bugs.php.net/?id=34050&edit=1
#34050 [Fbk->Opn]: safe_mode_include_dir isn't honored
ID: 34050
User updated by: wolfram at schlich dot org
Reported By: wolfram at schlich dot org
-Status: Feedback
+Status: Open
Bug Type: Safe Mode/open_basedir
Operating System: Linux 2.6.12-gentoo-r4 x86_64
PHP Version: 5CVS-2005-08-09 (dev)
New Comment:
no symlink...
Previous Comments:
[2005-08-12 00:30:26] [EMAIL PROTECTED]
Can't reproduce.
Make sure that /usr/lib/php/Smarty (or any of it's parent dirs) is not
a symbolic link.
[2005-08-09 18:16:23] wolfram at schlich dot org
then the comment above safe_mode_include_dir is silly:
; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
it says "UID/GID checks are bypassed", so why should I enable
safe_mod_gid then?
I even tried that, result:
--8<--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid/gid is 667/888 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid/gid 0/0 in
/home/wschlich/public_html/smartytest/class.MySmarty.inc.php on line
27
--8<--
[2005-08-09 18:09:19] [EMAIL PROTECTED]
; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
----
[2005-08-09 16:56:52] wolfram at schlich dot org
Description:
when safe_mode is active, I want to be able to include files from
certain directories without checking for their UID/GID.
Reproduce code:
---
--8<--[ php.ini ]--8<--
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir = "/usr/share/php/:/usr/lib/php/"
safe_mode_allowed_env_vars = PHP_,LANG,LC_
--8<--[ apache vhost config ]--8<--
php_value include_path ".:/usr/share/php:/usr/lib/php"
--8<--[ sample php script ]--8<--
require_once('/usr/lib/php/Smarty/Smarty.class.php');
--8<--
Expected result:
included file, no error message.
Actual result:
--
Warning: main() [function.main]: SAFE MODE Restriction in effect. The
script whose uid is 667 is not allowed to access
/usr/lib/php/Smarty/Smarty.class.php owned by uid 0 in
/home/wschlich/public_html/smartytest/smartytest.php on line 19
--
Edit this bug report at http://bugs.php.net/?id=34050&edit=1
#34656 [NEW]: open_basedir restriction in effect although paths are set correctly
From: wolfram at schlich dot org Operating system: Linux 2.2.16 i586 PHP version: 4.4.0 PHP Bug Type: Safe Mode/open_basedir Bug description: open_basedir restriction in effect although paths are set correctly Description: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 3 Warning: fopen(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 4 Warning: fopen(/tmp/f5_test): failed to open stream: Operation not permitted in /home/sites/site15/web/write_tmp.php on line 4 Warning: fwrite(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 5 Warning: fclose(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 6 Reproduce code: --- --8<--[ write_tmp.php ]--8<-- --8<--[ httpd.conf ]--8<-- ## doesn't work php_admin_value open_basedir /home/sites/site15/:/tmp ## also doesn't work # php_admin_value open_basedir / ## works, but is not what's desired # php_admin_value open_basedir none --8<-- Also tried to set open_basedir within the VirtualHost, didn' t work either. Expected result: no errors Actual result: -- open_basedir errors -- Edit bug report at http://bugs.php.net/?id=34656&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=34656&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=34656&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=34656&r=trysnapshot51 Fixed in CVS:http://bugs.php.net/fix.php?id=34656&r=fixedcvs Fixed in release:http://bugs.php.net/fix.php?id=34656&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=34656&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=34656&r=needscript Try newer version: http://bugs.php.net/fix.php?id=34656&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=34656&r=support Expected behavior: http://bugs.php.net/fix.php?id=34656&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=34656&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=34656&r=submittedtwice register_globals:http://bugs.php.net/fix.php?id=34656&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=34656&r=php3 Daylight Savings:http://bugs.php.net/fix.php?id=34656&r=dst IIS Stability: http://bugs.php.net/fix.php?id=34656&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=34656&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=34656&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=34656&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=34656&r=mysqlcfg
#34656 [Fbk->Opn]: open_basedir restriction in effect although paths are set correctly
ID: 34656 User updated by: wolfram at schlich dot org Reported By: wolfram at schlich dot org -Status: Feedback +Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.0 New Comment: sorry, I cannot use anything other than php4 on that machines. they are used for webhosting, the customers depend on php4. thanks. Previous Comments: [2005-09-27 19:09:06] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip [2005-09-27 12:44:53] wolfram at schlich dot org Description: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 3 Warning: fopen(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 4 Warning: fopen(/tmp/f5_test): failed to open stream: Operation not permitted in /home/sites/site15/web/write_tmp.php on line 4 Warning: fwrite(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 5 Warning: fclose(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 6 Reproduce code: --- --8<--[ write_tmp.php ]--8<-- --8<--[ httpd.conf ]--8<-- ## doesn't work php_admin_value open_basedir /home/sites/site15/:/tmp ## also doesn't work # php_admin_value open_basedir / ## works, but is not what's desired # php_admin_value open_basedir none --8<-- Also tried to set open_basedir within the VirtualHost, didn' t work either. Expected result: no errors Actual result: -- open_basedir errors -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1
#34656 [Fbk->Opn]: open_basedir restriction in effect although paths are set correctly
ID: 34656 User updated by: wolfram at schlich dot org Reported By: wolfram at schlich dot org -Status: Feedback +Status: Open Bug Type: Safe Mode/open_basedir Operating System: Linux 2.2.16 i586 PHP Version: 4.4.0 New Comment: thanks! will do. Previous Comments: [2005-09-27 19:27:01] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Something related to open_basedir and the paths was just fixed. Give it an hour or two. [2005-09-27 19:24:09] wolfram at schlich dot org sorry, I cannot use anything other than php4 on that machines. they are used for webhosting, the customers depend on php4. thanks. [2005-09-27 19:09:06] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip [2005-09-27 12:44:53] wolfram at schlich dot org Description: Warning: touch(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 3 Warning: fopen(): open_basedir restriction in effect. File(/tmp/f5_test) is not within the allowed path(s): (/home/sites/site15/:/tmp) in /home/sites/site15/web/write_tmp.php on line 4 Warning: fopen(/tmp/f5_test): failed to open stream: Operation not permitted in /home/sites/site15/web/write_tmp.php on line 4 Warning: fwrite(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 5 Warning: fclose(): supplied argument is not a valid stream resource in /home/sites/site15/web/write_tmp.php on line 6 Reproduce code: --- --8<--[ write_tmp.php ]--8<-- --8<--[ httpd.conf ]--8<-- ## doesn't work php_admin_value open_basedir /home/sites/site15/:/tmp ## also doesn't work # php_admin_value open_basedir / ## works, but is not what's desired # php_admin_value open_basedir none --8<-- Also tried to set open_basedir within the VirtualHost, didn' t work either. Expected result: no errors Actual result: -- open_basedir errors -- Edit this bug report at http://bugs.php.net/?id=34656&edit=1
