Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13101
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Message-ID: <5.1.0.14.2.20041001113226.02efa7e0@localhost>
Date: Fri, 01 Oct 2004 11:34:05 -0700
To: "Sara Golemon" <pollita@php.net>,internals@lists.php.net
In-Reply-To: <20041001182426.21711.qmail@pb1.pair.com>
References: <5.1.0.14.2.20040930225715.02f0e4b0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: Re: [PHP-DEV] Re: realpath patch
From: andi@zend.com (Andi Gutmans)

At 11:24 AM 10/1/2004 -0700, Sara Golemon wrote:
> > I'd like to commit the realpath() patch I sent to the list for review a
> > week or so ago. Unless there are any objections I'll commit it (to HEAD)
>in
> > 1-2 days. This will give it some more exposure and will have more people
> > testing it.
> >
>Somehow the patch is no longer in my news spool, so rather then looking at
>the source I'll just ask:  Are all uses of VCWD_REALPATH() effected by this?
>If so it could provide a means to bypass basedir checks (and possibly
>certain parts of safe_mode).  A scripter on a shared host could create a
>symlink, get the cache to catch it, then change the symlink to point to a
>different (ordinarily restricted) location, then do normal file ops letting
>the basedir check believe that the script is accessing a valid location.
>
>Can we roll in a VCWD_REALPATH_NO_CACHE() macro to avoid problems like this?

http://snaps.php.net/~andi/realpath_cache2.diff

Hmm, you are quite a hacker :)
I think you might be on to something. Can you take a look and see what 
changes we'd require?

Andi