[PHP-DEV] PHP 4.0 Bug #3991: admin_values (like safe mode) can be overridden
Date: 03/30/00

From: djm <email protected>
Operating system: BSD/OS 4.0.1
PHP version: 4.0 Release Candidate 1
PHP Bug Type: Misbehaving function
Bug description: admin_values (like safe mode) can be overridden

Security problem:

PHP4 with apache 1.3.12, built as a DSO, allows "admin" values and flags (those marked PHP_INI_SYSTEM in main.c) to be reset in .htaccess files. This bug also existed in PHP4b4 with apache 1.3.9.

To demonstrate the problem, in httpd.conf, set something like this:

php_admin_flag safe_mode On
php_admin_value doc_root "/opt/homes/web/testtest5"
php_admin_value open_basedir "/opt/homes/web/testtest5"
php_admin_value safe_mode_exec_dir "/opt/homes/web/testtest5/bin"

(your textarea made that last line wrap)

Create a phpinfo.php file under the document root containing:
<?php phpinfo()?>

GET phpinfo.php to verify that the settings above have been made.

Now, create a .htaccess in that directory containing:
php_value open_basedir "/"
php_value doc_root "/"
php_value safe_mode Off

GET phpinfo.php again and note that the values in the .htaccess file have superseded those in the server config file.

BTW, there's a related doc bug:
--- apidoc-zend.txt 2000/03/31 01:55:33 1.1.1.1
+++ apidoc-zend.txt 2000/03/31 03:44:44
@@ -238,7 +238,7 @@
 and "bah" respectively - note that all defaults are always given as
 strings. That doesn't reduce your ability to use integer values, simply
 specify them as strings. "foo" is marked so that it can be changed by
-anyone at any time (PHP_INI_ALL), whereas "foo" is marked so it can be
+anyone at any time (PHP_INI_ALL), whereas "bar" is marked so it can be
 changed only at startup in the php3.ini only, presumably, by the system
 administrator (PHP_INI_SYSTEM).
 When "foo" changes, no function is called. Access to it is done using the
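Review bot: the "foo" to "bar" correction is right, since the sentence contrasts the PHP_INI_ALL entry with the PHP_INI_SYSTEM one and both halves previously named "foo"; while in this paragraph, the unchanged context line "changed only at startup in the php3.ini only, presumably, by the system administrator" carries a redundant second "only" and names php3.ini in a Zend/PHP 4 API document, so consider "changed only at startup, in the ini file, presumably by the system administrator (PHP_INI_SYSTEM)".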

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>
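As an added example that is not part of the original report, the following audit script flags php_value/php_flag directives in a .htaccess that collide with settings locked by php_admin_value/php_admin_flag in the server config, using the report's own directives as constructed sample input. On a correct build such collisions are ignored by PHP; on an affected build they are exactly the settings phpinfo() shows as overridden, so this is a quick way to check .htaccess files under a document root before trusting safe_mode or open_basedir.

```python
import re
from typing import Dict, List, Tuple

# Apache PHP directives: php_value/php_flag are per-directory and overridable,
# php_admin_value/php_admin_flag are meant to be settable only in httpd.conf.
DIRECTIVE_RE = re.compile(
    r'^\s*(php_admin_value|php_admin_flag|php_value|php_flag)\s+(\S+)\s+(.*?)\s*$',
    re.IGNORECASE,
)

# Constructed sample input, taken from the directives quoted in the bug report.
SAMPLE_HTTPD_CONF = """
php_admin_flag safe_mode On
php_admin_value doc_root "/opt/homes/web/testtest5"
php_admin_value open_basedir "/opt/homes/web/testtest5"
php_admin_value safe_mode_exec_dir "/opt/homes/web/testtest5/bin"
"""

SAMPLE_HTACCESS = """
php_value open_basedir "/"
php_value doc_root "/"
php_value safe_mode Off
"""


def parse_directives(text: str) -> Dict[str, Tuple[str, str]]:
    """Map each ini setting name to (directive, value); later lines win."""
    found: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line)
        if m:
            directive, name, value = m.groups()
            found[name.lower()] = (directive.lower(), value.strip('"'))
    return found


def find_admin_overrides(httpd_conf: str, htaccess: str) -> List[dict]:
    """Return settings locked with php_admin_* in the server config that the
    .htaccess attempts to reset with php_value/php_flag."""
    locked = {name: value for name, (directive, value)
              in parse_directives(httpd_conf).items()
              if directive.startswith('php_admin_')}
    overrides = []
    for name, (directive, value) in parse_directives(htaccess).items():
        if name in locked:
            overrides.append({'setting': name, 'locked_value': locked[name],
                              'attempted_value': value, 'via': directive})
    return overrides
```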