Newsgroups: php.internals
Message-ID: <4B71C1CC.5050004@divbyzero.net>
Date: Tue, 09 Feb 2010 21:13:00 +0100
From: martin@divbyzero.net (Martin Jansen)
To: internals@lists.php.net
Subject: Issue with safe mode check in tempnam()

Recently we've experienced an issue regarding the safe mode check in tempnam() which was introduced in r288945 4 months ago. When calling tempnam("/tmp/foo"), with /tmp/foo being a directory, it turned out that the safe mode UID check was performed on /tmp instead of /tmp/foo. When calling tempnam("/tmp/foo/"), everything worked as expected.
Changing the mode parameter for the php_checkuid call from CHECKUID_ALLOW_ONLY_DIR to CHECKUID_CHECK_FILE_AND_DIR fixes this issue. A patch for PHP_5_2 is attached. Is the chosen approach correct?

I have been unable to come up with a fitting unit test because I could not figure out how to create the necessary directory scaffolding in e.g. /tmp with safe_mode=1 already being set in the --INI-- section of the test.

- Martin

[Attachment: tempnam-safe-mode.patch]
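The trailing-slash behaviour described in the message, as an added example that is not part of the original post and is not PHP's php_checkuid source. It is a simplified model: the mode names, function names and the constructed filesystem are hypothetical, and the rule that the file-and-directory mode checks an existing directory itself is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical modes for this model; not PHP's CHECKUID_* constants. */
enum mode { DIR_ONLY, FILE_AND_DIR };

/* Real predicate: 1 if the path exists and is a directory. */
static int is_dir_stat(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Constructed predicate for the offline demo: only /tmp and /tmp/foo exist. */
static int is_dir_fake(const char *p) {
    return !strcmp(p, "/tmp") || !strcmp(p, "/tmp/foo") || !strcmp(p, "/tmp/foo/");
}

/* Write into out the path whose owner the UID check would compare. */
static const char *check_target(const char *arg, enum mode m,
                                int (*is_dir)(const char *), char *out, size_t n) {
    snprintf(out, n, "%s", arg);
    size_t len = strlen(out);
    if (m == FILE_AND_DIR && is_dir(out)) {
        /* An existing directory is checked itself, minus trailing slashes. */
        while (len > 1 && out[len - 1] == '/') out[--len] = '\0';
        return out;
    }
    /* Otherwise cut at the last '/', which drops "foo" from "/tmp/foo". */
    char *slash = strrchr(out, '/');
    if (slash == NULL) { snprintf(out, n, "."); return out; }
    if (slash == out) slash++;              /* keep the root "/" */
    *slash = '\0';
    return out;
}

/* Convenience wrapper over the constructed filesystem. */
static const char *target(const char *arg, enum mode m) {
    static char buf[256];
    return check_target(arg, m, is_dir_fake, buf, sizeof buf);
}

int main(void) {
    char buf[256];
    printf("%s\n", target("/tmp/foo", DIR_ONLY));
    printf("%s\n", target("/tmp/foo/", DIR_ONLY));
    printf("%s\n", target("/tmp/foo", FILE_AND_DIR));
    printf("%s\n", check_target("/tmp", FILE_AND_DIR, is_dir_stat, buf, sizeof buf));
    return 0;
}
```

In the directory-only mode the owner compared for "/tmp/foo" is that of "/tmp", so the ownership of /tmp/foo never enters the decision unless the caller appends a slash.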