Bug 183459 - "open_basedir" does not work properly
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: php
Version: 4
Hardware: i586 Linux
Priority: medium, Severity: medium
Assigned To: Joe Orton
David Lawrence
 
Reported: 2006-03-01 05:07 EST by Tippa
Modified: 2008-03-10 00:08 EDT
Last Closed: 2008-03-10 00:08:09 EDT

Description Tippa 2006-03-01 05:07:32 EST
Description of problem:

"open_basedir" not working as expected. I have in httpd.conf (virtual host)

        <Directory "/">
                php_admin_value open_basedir "/web/somehost/"
        </Directory>

And anyway I can see the contents of e.g. "/etc/passwd" or "/etc/hosts" when
using a PHP script.


Version-Release number of selected component (if applicable):

Linux mymachine 2.6.15-1.1831_FC4smp #1 SMP Tue Feb 7 13:48:31 EST 2006 i686
i686 i386 GNU/Linux

PHP 5.0.4 (cli) (built: Nov 8 2005 08:27:12) Copyright (c) 1997-2004 The PHP
Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies

How reproducible:

Always. 

Steps to Reproduce:

Make a PHP script, e.g. "test.php":

<?php
  echo "1. " . `whoami`;
  echo "<br>";
  echo "2. " . `php --version`;
  echo "<br>";
  echo "3. " . "open_basedir : " . ini_get ("open_basedir") . "<br>";
  echo "<br>";
  echo "4. " . `ls -la /etc/passwd`;
  echo "<br>";
  echo "5. " . `ls /`;
  echo "<br><br>";
  echo "6. ";
  passthru('cat /etc/hosts');
  echo "<br><br>";
  echo "7. " . `cat /etc/hosts`;
  echo "<br><br>";
  readfile('/etc/hosts');
?> 

  
Actual results:

1. apache
2. PHP 5.0.4 (cli) (built: Nov 8 2005 08:27:12) Copyright (c) 1997-2004 The PHP
Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies
3. open_basedir : /web/somehost/

4. -rw-r--r-- 1 root root 4439 Dec 9 09:15 /etc/passwd
5. bin boot dev etc home lib lost+found media misc mnt net opt proc root sbin
selinux srv sys tftpboot tmp usr var web

6. # Do not remove the following line, or various programs # that require
network functionality will fail. 127.0.0.1 localhost.localdomain localhost

7. # Do not remove the following line, or various programs # that require
network functionality will fail. 127.0.0.1 localhost.localdomain localhost


Warning: readfile() [function.readfile]: open_basedir restriction in effect.
File(/etc/hosts) is not within the allowed path(s): (/web/somehost/) in
/web/somehost/public/htdocs/test.php on line 18

Warning: readfile(/etc/hosts) [function.readfile]: failed to open stream:
Operation not permitted in /web/somehost/public/htdocs/test.php on line 18

Expected results:

I would expect that steps 5, 6 and 7 do not show information.
Step 8. (readfile) works as expected (does not show the contents of the file).

Additional info:
Comment 1 Joe Orton 2006-03-06 08:39:46 EST
Downgrading open_basedir issue from security severity (see e.g.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1).
Comment 2 Tippa 2006-03-08 02:07:49 EST
Here is the whole virtualhost configuration section from httpd.conf (this is
not the only virtualhost in the httpd.conf).

<VirtualHost AAA.BBB.CCC.DDD>
        SuexecUserGroup somehost somehost
        ServerName www.somehost.fi
        ServerAlias somehost.fi
        ServerAdmin webmaster@somehost.fi

        <Directory "/">
                php_admin_value open_basedir "/web/somehost/"
                php_admin_flag display_errors on
        </Directory>

        DocumentRoot "/web/somehost/public/htdocs"
        <Directory "/web/somehost/public/htdocs">
                AllowOverride FileInfo AuthConfig
                Order allow,deny
                Allow from all
        </Directory>
        ScriptAlias /cgi-bin/ "/web/somehost/public/cgi-bin/"
        <Directory "/web/somehost/public/cgi-bin">
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
        <Directory "/web/somehost/public/htdocs/php-cgi/">
                Options +FollowSymLinks
        </Directory>

        Customlog /web/somehost/logs/access_log combined
        Errorlog "/web/somehost/logs/error_log"
</VirtualHost>

Comment 3 Tippa 2006-03-08 02:16:02 EST
And to be more accurate... The actual open_basedir has dot characters in it. So,
actually the syntax is:
    php_admin_value open_basedir "/web/www.somehost.com/"
If this happens to mean anything... But anyway...
Comment 4 Tippa 2006-03-30 15:09:40 EST
Hello, is there anybody out there? I am still waiting for ...
Comment 5 Christian Iseli 2007-01-22 05:37:01 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Thanks.
Comment 6 petrosyan 2008-03-10 00:08:09 EDT
Fedora Core 4 is no longer maintained.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.
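
The results in the description, where readfile() is refused but the backtick and passthru() calls still return output, follow from open_basedir being checked only inside PHP's own file functions; a command started through the shell is a separate process that the setting does not cover. As an added example (not part of the bug thread or of PHP itself; the function names enabled_process_functions and audit are hypothetical), this script reports which process-spawning functions remain enabled alongside an open_basedir value:

```php
<?php
// Added example: check whether open_basedir is backed by disable_functions.
// open_basedir is enforced by PHP's file functions (readfile, fopen, ...).
// External commands run outside PHP and are never checked against it.

// Core functions that start external processes. The backtick operator is
// equivalent to shell_exec(), so disabling shell_exec disables backticks too.
const PROCESS_FUNCTIONS = ['exec', 'passthru', 'shell_exec', 'system', 'popen', 'proc_open'];

/**
 * Return the process-spawning functions NOT listed in a disable_functions
 * string. Takes the raw ini value so any configuration can be checked.
 */
function enabled_process_functions(string $disableFunctions): array
{
    $disabled = array_filter(array_map('trim', explode(',', strtolower($disableFunctions))));
    return array_values(array_diff(PROCESS_FUNCTIONS, $disabled));
}

/** Summarise what an open_basedir setting leaves uncovered. */
function audit(string $openBasedir, string $disableFunctions): string
{
    if ($openBasedir === '') {
        return 'open_basedir is not set';
    }
    $open = enabled_process_functions($disableFunctions);
    if ($open === []) {
        return "open_basedir=$openBasedir; no process-spawning functions enabled";
    }
    return "open_basedir=$openBasedir does not cover: " . implode(', ', $open);
}

// Constructed sample matching the report: open_basedir set, nothing disabled.
echo audit('/web/somehost/', ''), PHP_EOL;

// Constructed sample: same path with the process functions disabled.
echo audit('/web/somehost/', 'exec, passthru, shell_exec, system, popen, proc_open'), PHP_EOL;

// The configuration this script is actually running under.
echo audit((string) ini_get('open_basedir'), (string) ini_get('disable_functions')), PHP_EOL;
```

disable_functions can only be set in php.ini, so unlike the per-virtual-host php_admin_value line in the report it applies to the whole server.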
