Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:55643
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain thelounge.net designates 91.118.73.15 as permitted sender)
Message-ID: <4E82C679.9030800@thelounge.net>
Date: Wed, 28 Sep 2011 09:02:17 +0200
Organization: the lounge interactive design
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20110906 Thunderbird/6.0.2
MIME-Version: 1.0
To: internals@lists.php.net
References: <4E81902E.1020304@thelounge.net> <4E824B36.4040209@gmail.com> <4E824BF7.9070405@thelounge.net> <4E824F69.1010703@gmail.com> <4E825084.4040703@thelounge.net> <4E82B825.5060003@daylessday.org>
In-Reply-To: <4E82B825.5060003@daylessday.org>
OpenPGP: id=7F780279;
	url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigDC90A475E4C9013DD21C2317"
Subject: Re: [PHP-DEV] open_basedir bypass -> errata tempnam()
From: h.reindl@thelounge.net (Reindl Harald)

--------------enigDC90A475E4C9013DD21C2317
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable


Am 28.09.2011 08:01, schrieb Antony Dovgal:
> On 09/28/2011 02:39 AM, Reindl Harald wrote:
>> PLEASE REPLY ONLY TO THE LIST
>=20
> Please provide a short (10 lines max) but complete reproduce script.
> At the moment your explanations do not make any sense.

what do you think was the content of my last mail where you quoted only
a part of the "mailing-list-manual"? this was code directly from the
library where te problem exists, well i will help you to complete a
5-liner to make its "wrong" permissions and replace a class-var....
what exactly does not make sense?

* /tmp MUST NOT be in open_basedir
* the temp-folder must be read only
* QUESTION1: why is tempnam() falling back to a dir outside open_basedir?=

* QUESTION2: why is tempnam() creating a file OUTSIDE open_basedir?
* QUESTION3: why is there no error-msg taht $dir is readonly instead unex=
pected fallback

<?php
 $temp_folder =3D dirname(__FILE__) . '/temp/';
 mkdir($temp_folder);
 chmod($temp_folder, 0555);
 $tmp_name =3D str_replace("\\", '/', tempnam($temp_folder, 'rhcsv'));
 $fp =3D fopen($tmp_name, 'wb+');
 if($fp)
 {
  flock($fp, LOCK_EX);
  fwrite($fp, 'test');
  flock($fp, LOCK_UN);
  fclose($fp);
 }
?>

Warning: fopen() [function.fopen.php]: open_basedir restriction in effect=
=2E File(/tmp/rhcsv5f9RIs) is not within the
allowed path(s): (/mnt/data/www/beta.rhsoft.net:/Volumes/dune/www-servers=
/phpincludes:/var/www/uploadtemp) in
/mnt/data/www/beta.rhsoft.net/tempname.php on line 6
Warning: fopen(/tmp/rhcsv5f9RIs) [function.fopen.php]: failed to open str=
eam: Operation not permitted in
/mnt/data/www/beta.rhsoft.net/tempname.php on line 6

[harry@srv-rhsoft:~]$ stat /tmp/rhcsv5f9RIs
  Datei: =84/tmp/rhcsv5f9RIs=93
  Gr=F6=DFe: 0              Bl=F6cke: 0          EA Block: 4096   regul=E4=
re leere Datei
Ger=E4t: 809h/2057d       Inode: 48          Verkn=FCpfungen: 1
Zugriff: (0600/-rw-------)  Uid: (   48/  apache)   Gid: (   48/  apache)=

Zugriff    : 2011-09-28 08:58:01.046916064 +0200
Modifiziert: 2011-09-28 08:58:01.046916064 +0200
Ge=E4ndert   : 2011-09-28 08:58:01.046916064 +0200


--------------enigDC90A475E4C9013DD21C2317
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6CxnkACgkQhmBjz394AnkSFQCfRCmhnzMEuuxPcL1B56tMkWZ+
3DUAniwrIkUyUff9cEOekWiMbUten1AM
=E+Ca
-----END PGP SIGNATURE-----

--------------enigDC90A475E4C9013DD21C2317--