Re: PHP3 safe_mode and popen()

From: David TILLOY (d.tilloyat_private)
Date: Tue Jan 04 2000 - 14:51:33 PST

Next message: Darren Reed: "Re: irix-soundplayer.sh"

Previous message: Alfred Huger: "FWD: Redhat advisory"
Maybe in reply to: Kristian Koehntopp: "PHP3 safe_mode and popen()"
Next in thread: Thomas Köhler: "Re: PHP3 safe_mode and popen()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--Clx92ZfkiYIKRjnr
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Kristian Koehntopp [krisat_private] a écrit:
> PHP3 (http://www.php.net) is a scripting language used in many
> webhosting setups. Often in hosting setups so called "safe_mode"
> is enabled, which restricts the user in many ways. For example,
> in safe_mode you are supposed to be able to execute only
> programs from a safe_mode_exec_dir, if one is defined. Within
> that directory there should be only a restricted command set
> that is considered safe.

	[.../...]
	
	Right... Your patch seems to work only with php-3.0.12.
	I attach modified version for php-3.0.13.
	
dav.


--
David TILLOY - Chef de projets - <d.tilloyat_private>
Neuronnexion (nnx) - 19/21, rue des Augustins - F-80000 Amiens
Voice (+33 3).22.71.61.90 - Fax (+33 3).22.71.61.99

--Clx92ZfkiYIKRjnr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="php_popen-3.0.13.patch"

--- /tmp/php-3.0.13/functions/file.c	Sat Jan  1 05:31:15 2000
+++ functions/file.c	Tue Jan  4 23:35:16 2000
@@ -26,7 +26,7 @@
    | Authors: Rasmus Lerdorf <rasmusat_private>                       |
    +----------------------------------------------------------------------+
  */
-/* $Id: file.c,v 1.229 2000/01/01 04:31:15 sas Exp $ */
+/* $Id: file.c,v 1.230 2000/01/03 21:31:31 kk Exp $ */
 #include "php.h"

 #include <stdio.h>
@@ -51,6 +51,7 @@
 #include "safe_mode.h"
 #include "php3_list.h"
 #include "php3_string.h"
+#include "exec.h"
 #include "file.h"
 #if HAVE_PWD_H
 #if MSVC5
@@ -575,7 +576,7 @@
 	pval *arg1, *arg2;
 	FILE *fp;
 	int id;
-	char *p;
+	char *p, *tmp=NULL;
 	char *b, buf[1024];
 	TLS_VARS;
 	
@@ -601,6 +602,11 @@
 			snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val);
 		}
 		fp = popen(buf,p);
+		
+		tmp = _php3_escapeshellcmd(buf);
+		fp = popen(tmp,p);
+		efree(tmp); /* temporary copy, no longer necessary */
+		
 		if (!fp) {
 			php3_error(E_WARNING,"popen(\"%s\",\"%s\") - %s",buf,p,strerror(errno));
 			RETURN_FALSE;

--Clx92ZfkiYIKRjnr--

Next message: Darren Reed: "Re: irix-soundplayer.sh"
Previous message: Alfred Huger: "FWD: Redhat advisory"
Maybe in reply to: Kristian Koehntopp: "PHP3 safe_mode and popen()"
Next in thread: Thomas Köhler: "Re: PHP3 safe_mode and popen()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:09 PDT