View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000450 | PHP for OS/2, ArcaOS & eComStation (PHP versions v8.x v7.x v5.x) | Bug | public | 2010-11-21 14:15 | 2022-05-14 06:37 |
| Reporter | Igor Vaskov | Assigned To | psmedley | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | unable to reproduce | ||
| Platform | OS/2 | OS | ECS | OS Version | 2.0 |
| Summary | 0000450: Parameter safe_mode_exec_dir in php.ini do not working correctly | ||||
| Description | Please check algorithm for comparing path strings in the PHP. Does not work correctly open_basedir and safe_mode_exec_dir. Perhaps the problem with slashes right or left. Or a problem with the presence or absence of a drive letter at the beginning. Error that safe_mode = Off can not perform any function exec() regardless of the path in line safe_mode_exec_dir. | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
|
|
got a simple example to test with? It's probably missing some code to handle drive letters somewhere - ie it should be using the win32 code. Which PHP version is this? |
|
|
Sample in attache (tst.zip). open_basedir works correctly if the string begins with a drive letter. In an example of a true archive format parameter open_basedir. But safe_mode_exec_dir is not working. In the example, several variants of the parameter and none is working. If safe_mode is turned off, the example should work. If safe_mode is turned on, the example should work if the correct value safe_mode_exec_dir, but not working correctly. |
|
|
This should be fixed in 5.3.4 There were some drive letter changes for open_basedir that were present for WIN32 and not OS2 |
|
|
I'm using php 5.3.3. This is the latest version in this site. I'm waiting for version 5.3.4. |
|
|
5.3.4 is uploading now. http://download.smedley.info/php-5.3.4-os2-20101221.zip |
|
|
Now does not work anyway. If there is a drive letter at the beginning of the string if it does not much depend on what the slashes are used. In any case, the log file write error - not allowed to file execution. Tested by modifying the settings in the file php_value open_basedir .htaccess. Contained in Attachments example does not work. Please check on the performance of an example from the tst.zip |
|
|
I use latest http://download.smedley.info/php-5.3.6-os2-20110412.zip . Please check again realization comparing strings in open_basedir and safe_mode_exec_dir! Security features PHP do not work. This is really problem in my hosting. |
|
|
will try look at this over the weekend |
|
|
checking whether to enable safe mode by default... no checking for safe mode exec dir... /usr/local/php/bin This probably explains why safe_mode doesn't work... Note that safe_mode will not be present in PHP 5.4.0 - see: http://php.net/manual/en/ini.sect.safe-mode.php |
|
|
Actually I think the problem is that exec doesn't work under any circumstances more so than a problem with safe_mode... |
|
|
with safe_mode = off the following works: <?php echo exec('ls.exe'); ?> With safe_mode = On and safe_mode_exec_dir set, it fails working on it now |
|
|
Note with safe_mode_exec_dir set using forward slash it seems to work here, but your testcase doesn't/// |
|
|
I have read this note. If this functionality removed from version 5.4.0 then do not need this repair. But there is a problem. How to ensure the restriction of the PHP scripts to access the data? Or now it is in principle not possible under OS/2? It turns out that the script will have access to data on the entire system and not to limit it? But no message about the open_basedir that is deprecated. Please repair open_basedir. In PHP.INI open_basedir = "F:\apache2\root\" Error log: [23-Jul-2011 16:36:42] PHP Warning: Unknown: open_basedir restriction in effect. File(F:\apache2\root\t.php) is not within the allowed path(s): (F:\apache2\root\) in Unknown on line 0 [23-Jul-2011 16:36:42] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0 [23-Jul-2011 16:36:42] PHP Fatal error: Unknown: Failed opening required 'F:/apache2/root/t.php' (include_path='.;\php\includes') in Unknown on line 0 In PHP.INI open_basedir = "F:/apache2/root/" Error log: [23-Jul-2011 16:38:49] PHP Warning: Unknown: open_basedir restriction in effect. File(F:\apache2\root\t.php) is not within the allowed path(s): (F:/apache2/root/) in Unknown on line 0 [23-Jul-2011 16:38:49] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0 [23-Jul-2011 16:38:49] PHP Fatal error: Unknown: Failed opening required 'F:/apache2/root/t.php' (include_path='.;\php\includes') in Unknown on line 0 In PHP.INI open_basedir = "/apache2/root/" Error log: [[23-Jul-2011 16:42:28] PHP Warning: Unknown: open_basedir restriction in effect. File(F:\apache2\root\t.php) is not within the allowed path(s): (/apache2/root/) in Unknown on line 0 [23-Jul-2011 16:42:28] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0 [23-Jul-2011 16:42:28] PHP Fatal error: Unknown: Failed opening required 'F:/apache2/root/t.php' (include_path='.;\php\includes') in Unknown on line 0 |
|
|
is the issue wth open_basedir still present in 5.3.8? |
|
|
in my latest code there is a specific check for both forms of slash drive separatre enabled for OS/2: #if defined(PHP_WIN32) || defined(NETWARE) || defined(__OS2__) path_file = strrchr(path_tmp, DEFAULT_SLASH); if (!path_file) { path_file = strrchr(path_tmp, '/'); } #else path_file = strrchr(path_tmp, DEFAULT_SLASH); #endif I'm not sure when I enabled this codepath for OS/2 |
|
|
php 5.8.3 Parameter open_basedir do not works. After the Apache error became a zombie process. Helped only a reboot. ===errpr_log================ [Sun Jan 08 20:44:32 2012] [error] [client 127.0.0.1] PHP Warning: Unknown: open_basedir restriction in effect. File(F:\\apache2\\root\\tst\\index.php) is not within the allowed path(s): (F:\\apache2\\root\\tst\\) in Unknown on line 0, referer: http://localhost/ [Sun Jan 08 20:44:32 2012] [error] [client 127.0.0.1] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0, referer: http://localhost/ [Sun Jan 08 20:44:32 2012] [error] [client 127.0.0.1] PHP Fatal error: Unknown: Failed opening required 'F:/apache2/root/tst/index.php' (include_path='.;F:\\php5\\includes') in Unknown on line 0, referer: http://localhost/ Ked by SIGSEGV pid=0x0049 ppid=0x0047 tid=0x0001 slot=0x0082 pri=0x0200 mc=0x0001 F:\APACHE2\BIN\HTTPD.EXE LIBC064 0:000f0242 cs:eip=005b:1f640242 ss:esp=d7d7:0022fd72 ebp=0022fdc8 ds=d7d7 es=d7d7 fs=150b gs=150b efl=00210206 eax=0000d7d7 ebx=0022fda0 ecx=00000001 edx=0000150b edi=0022fe48 esi=006dceb8 Process dumping was disabled, use DUMPPROC / PROCDUMP to enable it. ttp://localhost/ [Sun Jan 08 20:44:34 2012] [error] [client 127.0.0.1] PHP Fatal error: Unknown: Failed opening required 'F:/apache2/root/t.php' (include_path='.;F:\\php5\\includes') in Unknown on line 0, referer: http://localhost/ [Sun Jan 08 20:46:20 2012] [notice] caught SIGTERM, shutting down ================================================================== |
|
|
In last attache sample for test this bug. Please edit .htaccess for your path. |
|
|
Please test with a supported release and if this is still an issue, open a new ticket. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-11-21 14:15 | Igor Vaskov | New Issue | |
| 2010-11-22 08:30 | psmedley | Note Added: 0001767 | |
| 2010-11-22 14:44 | Igor Vaskov | File Added: tst.zip | |
| 2010-11-22 14:58 | Igor Vaskov | Note Added: 0001768 | |
| 2010-12-20 04:42 | psmedley | Note Added: 0001778 | |
| 2010-12-20 04:42 | psmedley | Assigned To | => psmedley |
| 2010-12-20 04:42 | psmedley | Status | new => feedback |
| 2010-12-20 22:11 | Igor Vaskov | Note Added: 0001780 | |
| 2010-12-20 22:11 | Igor Vaskov | Status | feedback => assigned |
| 2010-12-20 22:54 | psmedley | Note Added: 0001781 | |
| 2010-12-21 00:22 | Igor Vaskov | Note Added: 0001782 | |
| 2011-07-22 10:27 | Igor Vaskov | Note Added: 0001937 | |
| 2011-07-22 10:44 | psmedley | Note Added: 0001939 | |
| 2011-07-23 04:49 | psmedley | Note Added: 0001943 | |
| 2011-07-23 05:43 | psmedley | Note Added: 0001944 | |
| 2011-07-23 06:49 | psmedley | Note Added: 0001945 | |
| 2011-07-23 06:59 | psmedley | Note Added: 0001946 | |
| 2011-07-23 12:21 | Igor Vaskov | Note Added: 0001947 | |
| 2011-07-23 12:30 | Igor Vaskov | Note Edited: 0001947 | |
| 2011-07-23 12:41 | Igor Vaskov | Note Edited: 0001947 | |
| 2011-07-23 12:43 | Igor Vaskov | Note Edited: 0001947 | |
| 2012-01-06 19:21 | psmedley | Note Added: 0002152 | |
| 2012-01-06 19:23 | psmedley | Note Added: 0002153 | |
| 2012-01-08 17:54 | Igor Vaskov | Note Added: 0002154 | |
| 2012-01-08 17:55 | Igor Vaskov | File Added: root.zip | |
| 2012-01-08 17:57 | Igor Vaskov | Note Added: 0002155 | |
| 2022-05-14 06:37 | psmedley | Status | assigned => resolved |
| 2022-05-14 06:37 | psmedley | Resolution | open => unable to reproduce |
| 2022-05-14 06:37 | psmedley | Note Added: 0004248 | |
| 2022-05-14 06:37 | psmedley | Status | resolved => closed |
