Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13100
Return-Path: <pollita@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25217 invoked by uid 1010); 1 Oct 2004 18:25:27 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 21736 invoked by uid 1007); 1 Oct 2004 18:24:26 -0000
Message-ID: <20041001182426.21711.qmail@pb1.pair.com>
To: internals@lists.php.net
References: <5.1.0.14.2.20040930225715.02f0e4b0@localhost>
Date: Fri, 1 Oct 2004 11:24:25 -0700
Lines: 19
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Posted-By: 169.229.135.175
Subject: Re: realpath patch
From: pollita@php.net ("Sara Golemon")

> I'd like to commit the realpath() patch I sent to the list for review a
> week or so ago. Unless there are any objections I'll commit it (to HEAD)
in
> 1-2 days. This will give it some more exposure and will have more people
> testing it.
>
Somehow the patch is no longer in my news spool, so rather then looking at
the source I'll just ask:  Are all uses of VCWD_REALPATH() effected by this?
If so it could provide a means to bypass basedir checks (and possibly
certain parts of safe_mode).  A scripter on a shared host could create a
symlink, get the cache to catch it, then change the symlink to point to a
different (ordinarily restricted) location, then do normal file ops letting
the basedir check believe that the script is accessing a valid location.

Can we roll in a VCWD_REALPATH_NO_CACHE() macro to avoid problems like this?

-Sara