Re: PHP3 safe_mode and popen()

From: Thomas Köhler (jean-lucat_private)
Date: Wed Jan 05 2000 - 00:50:18 PST

Next message: cogNiTioN: "Re: L0pht Advisory: RH Linux 6.0/6.1, PAM and userhelper"

Previous message: Pavel Machek: "Re: Symlinks and Cryogenic Sleep"
Maybe in reply to: Kristian Koehntopp: "PHP3 safe_mode and popen()"
Next in thread: Kristian Koehntopp: "Re: PHP3 safe_mode and popen()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 05, 2000 at 04:27:48AM +0100,
David TILLOY <d.tilloyat_private> wrote:
> 
> Kristian Koehntopp [krisat_private] a écrit:
> > PHP3 (http://www.php.net) is a scripting language used in many
> > webhosting setups. Often in hosting setups so called "safe_mode"
> > is enabled, which restricts the user in many ways. For example,
> > in safe_mode you are supposed to be able to execute only
> > programs from a safe_mode_exec_dir, if one is defined. Within
> > that directory there should be only a restricted command set
> > that is considered safe.
> 
> 	[.../...]
> 	
> 	Right... Your patch seems to work only with php-3.0.12.
> 	I attach modified version for php-3.0.13.
> 	
> dav.

> --- /tmp/php-3.0.13/functions/file.c	Sat Jan  1 05:31:15 2000
> +++ functions/file.c	Tue Jan  4 23:35:16 2000
> @@ -26,7 +26,7 @@
>     | Authors: Rasmus Lerdorf <rasmusat_private>                       |
>     +----------------------------------------------------------------------+
>   */
> -/* $Id: file.c,v 1.229 2000/01/01 04:31:15 sas Exp $ */
> +/* $Id: file.c,v 1.230 2000/01/03 21:31:31 kk Exp $ */
>  #include "php.h"
> 
>  #include <stdio.h>
> @@ -51,6 +51,7 @@
>  #include "safe_mode.h"
>  #include "php3_list.h"
>  #include "php3_string.h"
> +#include "exec.h"
>  #include "file.h"
>  #if HAVE_PWD_H
>  #if MSVC5
> @@ -575,7 +576,7 @@
>  	pval *arg1, *arg2;
>  	FILE *fp;
>  	int id;
> -	char *p;
> +	char *p, *tmp=NULL;
>  	char *b, buf[1024];
>  	TLS_VARS;
>  	
> @@ -601,6 +602,11 @@
>  			snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val);
>  		}
>  		fp = popen(buf,p);

Not removing this line leaves the problem in PHP3. You'd better remove
it :-)

> +		
> +		tmp = _php3_escapeshellcmd(buf);
> +		fp = popen(tmp,p);
> +		efree(tmp); /* temporary copy, no longer necessary */
> +		
>  		if (!fp) {
>  			php3_error(E_WARNING,"popen(\"%s\",\"%s\") - %s",buf,p,strerror(errno));
>  			RETURN_FALSE;


CU,
Thomas

-- 
 Thomas Köhler Email:   jean-lucat_private   | LCARS - Linux for
     <><        WWW:  http://home.pages.de/~jeanluc/ | Computers on All
                IRC:             jeanluc             | Real Starships
   PGP public key: http://www.mayn.de/users/jean-luc/PGP-Public.asc

Next message: cogNiTioN: "Re: L0pht Advisory: RH Linux 6.0/6.1, PAM and userhelper"
Previous message: Pavel Machek: "Re: Symlinks and Cryogenic Sleep"
Maybe in reply to: Kristian Koehntopp: "PHP3 safe_mode and popen()"
Next in thread: Kristian Koehntopp: "Re: PHP3 safe_mode and popen()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:37 PDT