 |
 |
 |
 |
|
|
Date: 08/30/01
- Next message: bastian <email protected>: "[PHP-DEV] Bug #13061: connection-timeout doesn't work"
- Previous message: sander <email protected>: "[PHP-DEV] Bug #3219 Updated: GDTTF error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: admin <email protected>
Operating system: Linux
PHP version: 4.0.6
PHP Bug Type: *Configuration Issues
Bug description: "allow_url_fopen = On" disables safe_mode UID check
When I turn off allow_url_fopen in php.ini the safe_mode UID check seems to
be disabled.
With "allow_url_fopen = on" an include("/etc/passwd") returns the following
error:
"The script whose uid is 10000 is not allowed to access /etc/passwd owned
by uid 0"
after I've changed the settings to "allow_url_fopen = off" the inclusion
works fine, so there is no way to prevent customers from including external
files and local system files.
-- Edit bug report at: http://bugs.php.net/?id=13060&edit=1-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: bastian <email protected>: "[PHP-DEV] Bug #13061: connection-timeout doesn't work"
- Previous message: sander <email protected>: "[PHP-DEV] Bug #3219 Updated: GDTTF error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]