Re: PHP safe mode broken?

From: Michal Krause (michalat_private)
Date: Thu Jul 17 2003 - 01:08:08 PDT

Next message: Uwe Ohse: "Re: possible open relay hole in qmail-smtpd-auth patch"

Previous message: Bosen: "eStore SQL Injection Vulnerability & Path Disclosure"
In reply to: Michal Krause: "PHP safe mode broken?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 16/07/2003, Michal Krause wrote:

> Hi,
> 
> I think there is a bug in PHP safe mode handling from version 4.3.0
> till now.

I forgot to provide straight information how to fix this bug until there
will be an official patch. I hope it was clear from my previous email,
but if not, there is one of possible solutions:

find function php_check_safe_mode_include_dir in file
main/fopen_wrappers.c and change its last statement from

return 0;

to 

return -1;

(you can find it at line 253 in PHP version 4.3.2).

Then recompile PHP, install it and restart web server.

To test it, create simple PHP script owned by some regular user, which
will try to include /etc/passwd for example.

<?
echo("trying to read /etc/passwd");
include("/etc/passwd");
?>

This script should fail on safe mode error (when safe mode is enabled,
of course).

Best regards
Michal Krause

Next message: Uwe Ohse: "Re: possible open relay hole in qmail-smtpd-auth patch"
Previous message: Bosen: "eStore SQL Injection Vulnerability & Path Disclosure"
In reply to: Michal Krause: "PHP safe mode broken?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 17 2003 - 10:00:53 PDT