Bug 183459 - "open_basedir" does not work properly
Summary: "open_basedir" does not work properly
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: php
Version: 4
Hardware: i586
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-03-01 10:07 UTC by Tippa
Modified: 2008-03-10 04:08 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-10 04:08:09 UTC
Type: ---
Embargoed:



Description Tippa 2006-03-01 10:07:32 UTC
Description of problem:

"open_basedir" not working as expected. I have in httpd.conf (virtual host)

        <Directory "/">
                php_admin_value open_basedir "/web/somehost/"
        </Directory>

And anyway I can see the contents of e.g. "/etc/passwd" or "/etc/hosts" when using
a PHP script.


Version-Release number of selected component (if applicable):

Linux mymachine 2.6.15-1.1831_FC4smp #1 SMP Tue Feb 7 13:48:31 EST 2006 i686
i686 i386 GNU/Linux

PHP 5.0.4 (cli) (built: Nov 8 2005 08:27:12) Copyright (c) 1997-2004 The PHP
Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies

How reproducible:

Always. 

Steps to Reproduce:

Make a php-script f.ex. "test.php"

<?php
  echo "1. " . `whoami`;
  echo "<br>";
  echo "2. " . `php --version`;
  echo "<br>";
  echo "3. " . "open_basedir : " . ini_get ("open_basedir") . "<br>";
  echo "<br>";
  echo "4. " . `ls -la /etc/passwd`;
  echo "<br>";
  echo "5. " . `ls /`;
  echo "<br><br>";
  echo "6. ";
  passthru('cat /etc/hosts');
  echo "<br><br>";
  echo "7. " . `cat /etc/hosts`;
  echo "<br><br>";
  readfile('/etc/hosts');
?> 

  
Actual results:

1. apache
2. PHP 5.0.4 (cli) (built: Nov 8 2005 08:27:12) Copyright (c) 1997-2004 The PHP
Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies
3. open_basedir : /web/somehost/

4. -rw-r--r-- 1 root root 4439 Dec 9 09:15 /etc/passwd
5. bin boot dev etc home lib lost+found media misc mnt net opt proc root sbin
selinux srv sys tftpboot tmp usr var web

6. # Do not remove the following line, or various programs # that require
network functionality will fail. 127.0.0.1 localhost.localdomain localhost

7. # Do not remove the following line, or various programs # that require
network functionality will fail. 127.0.0.1 localhost.localdomain localhost


Warning: readfile() [function.readfile]: open_basedir restriction in effect.
File(/etc/hosts) is not within the allowed path(s): (/web/somehost/) in
/web/somehost/public/htdocs/test.php on line 18

Warning: readfile(/etc/hosts) [function.readfile]: failed to open stream:
Operation not permitted in /web/somehost/public/htdocs/test.php on line 18

Expected results:

I would expect that steps 5, 6 and 7 do not show information. 
Step 8. (readfile) works as expected (does not show the contents of the file).

Additional info:
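
Added example, not part of the original report or of PHP itself: the results above show readfile() being refused while the backtick operator and passthru() still return data, because those run external commands as the web server user and open_basedir only confines PHP's own file functions. The helper below reports which command-execution functions remain callable next to an open_basedir value; the function names, the function list and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added example (not from the bug report): report which command-execution
// functions remain callable next to an open_basedir setting.

// Functions that pass a command line to an external process; the backtick
// operator used in test.php is shell_exec(). The list is not exhaustive.
const COMMAND_FUNCTIONS = ['exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open'];

/** Parse a disable_functions string and return the command functions it leaves enabled. */
function exposed_command_functions(string $disableFunctions): array
{
    $names = array_map('trim', explode(',', strtolower($disableFunctions)));
    $disabled = array_filter($names, 'strlen'); // drop empty entries
    return array_values(array_diff(COMMAND_FUNCTIONS, $disabled));
}

/** Return human-readable findings for one open_basedir / disable_functions pair. */
function audit_open_basedir(string $openBasedir, string $disableFunctions): array
{
    $findings = [];
    if ($openBasedir === '') {
        $findings[] = 'open_basedir is empty: PHP file functions are not confined';
    }
    $exposed = exposed_command_functions($disableFunctions);
    if ($exposed !== []) {
        // Child processes are not subject to open_basedir; they read whatever
        // the web server user ("apache" in the report) is allowed to read.
        $findings[] = 'command functions not confined by open_basedir: ' . implode(', ', $exposed);
    }
    return $findings;
}

// Constructed input matching the report: open_basedir set, nothing disabled.
print_r(audit_open_basedir('/web/somehost/', ''));

// Constructed hardened pair. disable_functions is read from php.ini only,
// so it cannot be set per virtual host with php_admin_value.
print_r(audit_open_basedir('/web/somehost/', 'exec,shell_exec,system,passthru,popen,proc_open'));

// The configuration this script is actually running under.
print_r(audit_open_basedir((string) ini_get('open_basedir'), (string) ini_get('disable_functions')));
```

Run through the same SAPI that serves the site (not only the CLI), since each can load a different php.ini.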

Comment 1 Joe Orton 2006-03-06 13:39:46 UTC
Downgrading open_basedir issue from security severity (see e.g.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1).

Comment 2 Tippa 2006-03-08 07:07:49 UTC
Here is the whole virtualhost configuration section from httpd.conf (this is
not the only virtualhost in the httpd.conf).

<VirtualHost AAA.BBB.CCC.DDD>
        SuexecUserGroup somehost somehost
        ServerName www.somehost.fi
        ServerAlias somehost.fi
        ServerAdmin webmaster

        <Directory "/">
                php_admin_value open_basedir "/web/somehost/"
                php_admin_flag display_errors on
        </Directory>

        DocumentRoot "/web/somehost/public/htdocs"
        <Directory "/web/somehost/public/htdocs">
                AllowOverride FileInfo AuthConfig
                Order allow,deny
                Allow from all
        </Directory>
        ScriptAlias /cgi-bin/ "/web/somehost/public/cgi-bin/"
        <Directory "/web/somehost/public/cgi-bin">
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
        <Directory "/web/somehost/public/htdocs/php-cgi/">
                Options +FollowSymLinks
        </Directory>

        Customlog /web/somehost/logs/access_log combined
        Errorlog "/web/somehost/logs/error_log"
</VirtualHost>



Comment 3 Tippa 2006-03-08 07:16:02 UTC
And to be more accurate... The actual open_basedir has dot characters in it. So,
actually the syntax is:
    php_admin_value open_basedir "/web/www.somehost.com/"
If this happens to mean anything... But anyway...

Comment 4 Tippa 2006-03-30 20:09:40 UTC
Hello, is there anybody out there? I am still waiting for ...

Comment 5 Christian Iseli 2007-01-22 10:37:01 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 6 petrosyan 2008-03-10 04:08:09 UTC
Fedora Core 4 is no longer maintained.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.

