#41492 [NEW]: open_basedir bypass via readfile() :: ASPN Mail Archive

Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming

MyASPN >> Mail Archive >> php-dev

php-dev

#41492 [NEW]: open_basedir bypass via readfile()
by Bugs Dot Php Dot Net At Chsc Dot Dk other posts by this author
May 24 2007 8:56AM messages near this date

#39903 [Csd]: Notice message when executing __halt_compiler() more than once | #41492 [Opn->Csd]: open_basedir bypass via readfile()

From:             bugs dot php dot net at chsc dot dk
Operating system: Linux
PHP version:      5.2.2
PHP Bug Type:     Safe Mode/open_basedir
Bug description:  open_basedir bypass via readfile()

Description:
------------
file_exists() etc. does not allow checking the existence of files outside
the directories specified in open_basedir.

Appearently readfile() does *not* have this restriction and thus allows
checking the existence of files anywhere in the filesystem. If
realpath($filename) returns a string (i.e. not false), the file exists.
This is a circumvention of the open_basedir restriction in file_exists()
etc.


Reproduce code:
---------------
The following should always be true, but it isn't when $dir is outside the
directories specified in open_basedir:

var_dump(file_exists($dir) === (bool) realpath($dir));



-- 
Edit bug report at http://bugs.php.net/?id=41492&edit=1
-- 
Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=41492&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=41492&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=41492&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=41492&r=fixedcvs
Fixed in release:             http://bugs.php.net/fix.php?id=41492&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=41492&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=41492&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=41492&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=41492&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=41492&r=notwrong
Not enough info:              http://bugs.php.net/fix.php?id=41492&r=notenoughinfo
Submitted twice:              http://bugs.php.net/fix.php?id=41492&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=41492&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=41492&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=41492&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=41492&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=41492&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=41492&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=41492&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=41492&r=mysqlcfg

Thread:

Bugs Dot Php Dot Net At Chsc Dot Dk

iliaa