[PHP] safe mode bug ?


I came upon a strange problem when trying to list directories in safe mode as a normal user. Of course I expected this not to work, because safe_mode disables the possibility of reading files that do not belong to the owner of the PHP file. However, it does not seem to check for directory ownership. (Debian stable, PHP 4.1.2). PHP does give a warning about safe_mode (as seen below) but then nicely lists the directory :( This means any user can just browse through any dir on my system. PHP obviously still obeys UNIX file permissions, so I could tighten up those and enable basedir restrictions and stuff, but it looks to me that this is just a (major) bug?

The PHP script:

<?php
$file = '/etc';
// Open the directory and print every entry it contains
if ($handle = opendir($file)) {
        while (false !== ($file = readdir($handle))) {
                echo "DIR:$file<br>";
                echo "FILE:$file<br>";
        }
}


*Warning*: SAFE MODE Restriction in effect. The script whose uid is 1059 is not allowed to access /etc owned by uid 0 in */home/robert/hensel.nl/robert/www/test_dir.php* on line *5*
FILE:init.d  ....(goes on)

safe_mode:    On    On
safe_mode_exec_dir:    no value    no value
safe_mode_gid:    Off    Off
safe_mode_include_dir:    no value    no value

Thanks in advance for any thoughts about this.

Robert Hensel
E: robert@hensel.nl
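
An added example, not part of the original message and not PHP's own code: a fail-closed listing wrapper that applies the ownership rule quoted in the warning (script owner uid must equal the directory owner uid) and refuses to open the directory on a mismatch. It is written for current PHP, where safe_mode no longer exists (it was removed in PHP 5.4); the helper name `list_owned_dir` and the demo paths are assumptions.

```php
<?php
// Added example; list_owned_dir() is a hypothetical helper, not a PHP built-in.
// It enforces the rule quoted in the warning above (script uid must match the
// directory owner's uid) and fails closed instead of warning and continuing.

function list_owned_dir(string $dir): array
{
    $real = realpath($dir);              // resolve symlinks and ".." first
    if ($real === false || !is_dir($real)) {
        throw new RuntimeException("not a directory: $dir");
    }

    $scriptUid = getmyuid();             // uid of the script file's owner
    $dirUid    = fileowner($real);       // uid of the directory's owner
    if ($scriptUid === false || $dirUid === false || $scriptUid !== $dirUid) {
        throw new RuntimeException("refusing to list $real: owner uid mismatch");
    }

    $handle = opendir($real);
    if ($handle === false) {
        throw new RuntimeException("cannot open $real");
    }
    $entries = [];
    while (false !== ($entry = readdir($handle))) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        // Test the full path; is_dir($entry) alone would resolve against the CWD.
        $entries[] = (is_dir("$real/$entry") ? 'DIR:' : 'FILE:') . $entry;
    }
    closedir($handle);
    sort($entries);
    return $entries;
}

// Constructed demo: the script's own directory vs. /etc (normally owned by uid 0).
foreach ([__DIR__, '/etc'] as $dir) {
    try {
        echo "$dir: " . count(list_owned_dir($dir)) . " entries\n";
    } catch (RuntimeException $e) {
        echo "denied: " . $e->getMessage() . "\n";
    }
}
```

This is an application-level check with a window between the ownership test and `opendir()`, so UNIX permissions and `open_basedir` remain the enforcement boundary.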

