Newsgroups: php.internals
From: h.reindl@thelounge.net (Reindl Harald)
To: internals@lists.php.net
Date: Wed, 28 Sep 2011 00:39:00 +0200
Message-ID: <4E825084.4040703@thelounge.net>
Subject: Re: [PHP-DEV] open_basedir bypass -> errata tempnam()

On 28.09.2011 00:34, Ángel González wrote:
> Reindl Harald wrote:
>> [root@arrakis:~]$ stat /tmp/rhcsvz8QeBL
>>   File: „/tmp/rhcsvz8QeBL“
>>> Are you sure it is the fopen() what is making it?
>>> I think that some other function/extension may be creating the temporary file
>>> /tmp/rhcsvz8QeBL for you to open, which then fails due to the open_basedir.
>> errata - it is tempnam() if $dir is not writeable which falls back to /tmp
>> this fallback should not happen if /tmp is NOT in open_basedir and
>> tempname() should spit out the error instead the following fopen()
>>
>> better would be if tempnam() stops and gives out a warning that $dir is
>> not writeable - it had a reason that the $dir param was used and if
>> there is an error it is a bad behavior that php takes something else
>>
>> we are speaking about a programming language and not a gambling machine :-)
> I had also tried with tempnam() [there's not tempname()], and it correctly spitted
> an open_basedir error and didn't create the file.
> Which php version are you using?

PLEASE REPLY ONLY TO THE LIST
this was the second time that i used one of your two copies and
replied off-list the first time, if you get a mail from a mailing-list
the sender gets your answer if it goes to the list only :-)

5.3.8

$GLOBALS['cl_api']->folders->temp = dirname(__FILE__) . '/temp/';

that was why i did first not understand why /tmp ever was used and then it
took some time to realize that /tmp is used because $GLOBALS['cl_api']->folders->temp
was not writeable and that the temporary files were created with zero bytes

$tmp_name = str_replace("\\", '/', tempnam($GLOBALS['cl_api']->folders->temp, 'rhcsv'));
$fp = fopen($tmp_name, 'wb+');
if($fp)
{
 flock($fp, LOCK_EX);
 fwrite($fp, $data);
 flock($fp, LOCK_UN);
 fclose($fp);
}
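
The behaviour the message asks for (fail when $dir cannot be used instead of silently writing elsewhere) can be enforced in application code. The following is an added example, not part of the original post or of PHP itself; it assumes PHP 7 or later, and strict_tempnam() and write_temp() are hypothetical helper names.

```php
<?php
// Added example; strict_tempnam() and write_temp() are hypothetical names.
/** Create a temp file strictly inside $dir, refusing tempnam()'s fallback. */
function strict_tempnam(string $dir, string $prefix): string
{
    $wanted = realpath($dir);
    if ($wanted === false || !is_dir($wanted) || !is_writable($wanted)) {
        throw new RuntimeException("temp dir missing or not writable: $dir");
    }
    $path = @tempnam($wanted, $prefix);
    // is_writable() is only a hint (ACLs, races): check where the file landed.
    if ($path === false || realpath(dirname($path)) !== $wanted) {
        if ($path !== false) {
            @unlink($path); // may fail if the fallback dir is outside open_basedir
        }
        throw new RuntimeException("tempnam() did not create a file inside $wanted");
    }
    return $path;
}

/** Write $data to a new temp file in $dir and return its path. */
function write_temp(string $dir, string $prefix, string $data): string
{
    $path = strict_tempnam($dir, $prefix);
    $fp = fopen($path, 'wb');
    if ($fp === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        if (!flock($fp, LOCK_EX) || fwrite($fp, $data) !== strlen($data)) {
            throw new RuntimeException("locked write to $path failed");
        }
    } finally {
        fclose($fp); // closing the handle also releases the lock
    }
    return $path;
}

// Constructed demo: one writable directory, one that does not exist.
$dir = sys_get_temp_dir() . '/strict_tempnam_demo_' . getmypid();
mkdir($dir, 0700);
$file = write_temp($dir, 'rhcsv', "a;b;c\n");
echo 'written inside requested dir: ', basename($file), "\n";
try {
    write_temp($dir . '/missing', 'rhcsv', 'x');
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
unlink($file);
rmdir($dir);
```

The post-creation path comparison is what catches the case described in the thread, where the file ends up in /tmp with zero bytes and the error only surfaces later at fopen().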