Re: [PHP-DEV] Re: PHP3 safe_mode and popen() From: amy veselka (amyveselka <email protected>)
Date: 01/04/00

I am looking for a PHP developer for a one month
contract in Austin, Texas. This person needs to have
PHP, Oracle, and HTML. It's on Linux, running Apache,
PHP, and Samba. If anyone is interested or you know
someone who might be could you please contact me as
soon as possible.

Thanks,
Amy Veselka
Whitaker Consulting
1-800-933-4883 ext 227

--- David TILLOY <d.tilloy <email protected>> wrote:
> Kristian Koehntopp [kris <email protected>] a écrit:
> > PHP3 (http://www.php.net) is a scripting language
> used in many
> > webhosting setups. Often in hosting setups so
> called "safe_mode"
> > is enabled, which restricts the user in many ways.
> For example,
> > in safe_mode you are supposed to be able to
> execute only
> > programs from a safe_mode_exec_dir, if one is
> defined. Within
> > that directory there should be only a restricted
> command set
> > that is considered safe.
>
> [.../...]
>
> Right... Your patch seems to work only with
> php-3.0.12.
> I attach modified version for php-3.0.13.
>
> dav.
>
>
> --
> David TILLOY - Chef de projets - <d.tilloy <email protected>>
> Neuronnexion (nnx) - 19/21, rue des Augustins -
> F-80000 Amiens
> Voice (+33 3).22.71.61.90 - Fax (+33 3).22.71.61.99
> > --- /tmp/php-3.0.13/functions/file.c Sat Jan 1
> 05:31:15 2000
> +++ functions/file.c Tue Jan 4 23:35:16 2000
> @@ -26,7 +26,7 @@
> | Authors: Rasmus Lerdorf <rasmus <email protected>>
> |
>
>
+----------------------------------------------------------------------+
> */
> -/* $Id: file.c,v 1.229 2000/01/01 04:31:15 sas Exp
> $ */
> +/* $Id: file.c,v 1.230 2000/01/03 21:31:31 kk Exp $
> */
> #include "php.h"
>
> #include <stdio.h>
> @@ -51,6 +51,7 @@
> #include "safe_mode.h"
> #include "php3_list.h"
> #include "php3_string.h"
> +#include "exec.h"
> #include "file.h"
> #if HAVE_PWD_H
> #if MSVC5
> @@ -575,7 +576,7 @@
> pval *arg1, *arg2;
> FILE *fp;
> int id;
> - char *p;
> + char *p, *tmp=NULL;
> char *b, buf[1024];
> TLS_VARS;
>
> @@ -601,6 +602,11 @@
>
>
snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val);
> }
> fp = popen(buf,p);
> +
> + tmp = _php3_escapeshellcmd(buf);
> + fp = popen(tmp,p);
> + efree(tmp); /* temporary copy, no longer
> necessary */
> +
> if (!fp) {
> php3_error(E_WARNING,"popen(\"%s\",\"%s\") -
> %s",buf,p,strerror(errno));
> RETURN_FALSE;
>
> > --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail:
> php-dev-unsubscribe <email protected>
> For additional commands, e-mail:
> php-dev-help <email protected>
> To contact the list administrators, e-mail:
php-list-admin <email protected>

__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://messenger.yahoo.com 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>