[PHP-DEV] Bug #1713: copy() function allows copy files from anywhere in filesystem From: tecnica <email protected>
Date: 07/14/99

From: tecnica <email protected>
Operating system: Linux 2.2.10 / 2.2.9
PHP version: 3.0.11
PHP Bug Type: Other
Bug description: copy() function allows copy files from anywhere in filesystem

This problem was tested in two system´s

Linux 2.2.9 with php3.0.11 running as module of apache 1.3.6
Linux 2.2.10 with php3.0.7 running as module of apache 1.3.6

Php3.ini config

open_basedir= Some path in htdocs tree
enablesafemode=On
DocRoot=Dir of Apache root html files.

httpd.conf
DocumentRoot=Apache Root of htdocs

It is possible to create a .php3 page that can copy files outside de DocRoot Tree :

<? copy("/etc/passwd","passwd.copy") ?> => WORKS

But

<? fopen("/etc/passwd","R") ?> => FAIL becaus the open_basedir assignment.

In Security section of Manual, says that Security in php3 instaled with modules is APACHE
Security. In apache is impossible to httpd server with out a external script see files
above of DocumentRoot Directive

I want to know if its a config problem of my PHP3 + Apache installations or if it´s a BUG.

I also want to know if there are other functions with this problem/caracteristics.

I Saw in lists some problems like this, but they are in Windows NT OS. The answers
to this problems are uncomplete and focus that NT is a insecure and with a lot
of problems OS. But I can reproduce a similar problem in LINUX OS.

Congratulations and keep doing the good work.

Gomes, Marcio 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>