[PHP] safe mode bug ?
Hi,
I came upon a strange problem when trying to list directories in safe
mode as a normal user. Of course I expected this not to work, because
safe_mode disables the possibility of reading files that do not belong to
the owner of the PHP file. However, it does not seem to check for
directory ownership. (Debian stable, PHP 4.1.2). PHP does give a warning
about safe_mode (as seen below) but then nicely lists the directory :(
This means any user can just browse through any dir. on my system. PHP
obviously still obeys UNIX file permissions so I could tighten up those,
and enable basedir restrictions and stuff, but it looks to me that this
is just a (major) bug?
The php script
<?
$file = '/etc';
if ($handle = opendir($file))
{
    chdir($file);
    while (false !== ($file = readdir($handle)))
    {
        if(is_dir($file))
        {
            echo "DIR:$file<br>";
        }
        else
        {
            echo "FILE:$file<br>";
        }
    }
    closedir($handle);
}
?>
*Warning*: SAFE MODE Restriction in effect. The script whose uid is
1059 is not allowed to access /etc owned by uid 0 in
*/home/robert/hensel.nl/robert/www/test_dir.php* on line *5*
DIR:.
DIR:..
FILE:modutils
FILE:ssh
FILE:init.d ....(goes on)
phpinfo:
safe_mode: On On
safe_mode_exec_dir: no value no value
safe_mode_gid: Off Off
safe_mode_include_dir: no value no value
Thanks in advance for any thoughts about this.
--
Robert Hensel
E: robert@hensel.nl
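
An added check, not part of the original post: it makes the comparison named in the warning explicit (uid of the script's owner against the uid owning the directory) and reports every directory that belongs to another uid yet can still be listed. The directory list and the function name probe_dir are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the original post.
// Constructed sample list; replace with the paths that matter on your host.
$dirs = array('/etc', '/root', '/var/log', '/tmp');

// uid of the owner of this script file: the value the safe_mode warning
// calls "the script whose uid is ...".
$scriptUid = getmyuid();

// Hypothetical helper: records ownership and whether a listing succeeds.
function probe_dir($dir, $scriptUid)
{
    $owner  = @fileowner($dir);   // false when the path cannot be stat'ed
    $handle = @opendir($dir);     // warning suppressed, the result is recorded
    $entries = 0;
    if ($handle !== false) {
        // Count entries only; the names themselves are not printed.
        while (false !== ($name = readdir($handle))) {
            if ($name !== '.' && $name !== '..') {
                $entries++;
            }
        }
        closedir($handle);
    }
    return array(
        'owner'    => $owner,
        'foreign'  => ($owner !== false && $owner !== $scriptUid),
        'listable' => ($handle !== false),
        'entries'  => $entries,
    );
}

printf("open_basedir = '%s'\n", ini_get('open_basedir'));
foreach ($dirs as $dir) {
    $r = probe_dir($dir, $scriptUid);
    // A foreign-owned directory that still lists is what the post describes.
    $status = ($r['foreign'] && $r['listable']) ? 'EXPOSED' : 'ok';
    printf("%-8s %-12s owner=%s script_uid=%s entries=%d\n",
        $status,
        $dir,
        $r['owner'] === false ? 'n/a' : $r['owner'],
        $scriptUid === false ? 'n/a' : $scriptUid,
        $r['entries']);
}
```

Run it as the web server would run a user's script, once before and once after tightening directory permissions or setting open_basedir, and compare which paths are still reported as EXPOSED.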