Hi
Bug #14923 concerns PHP's is_writable, etc., functions & POSIX ACLs.
Likewise, Bug #30931 concerns the same thing.
According to this bug, PHP is not using the access() system call to
determine
file access, but doing its own computation based on the file's uid,
gid, groups & mode.
Now, the bug tracking system reports that sterling fixed this in CVS on
2 Jul 2002.
However, my testing in PHP 5.0.5 indicates this bug is still there.
Comments of various people in #30931 confirm this.
#30931 was marked "no feedback"...
And examining the PHP source code for 5.0.5 (ext/standard/filestat.c),
I see it is
still doing its on computation rather than calling the access() system
call.
Under 4.3.11, I observe in the same file that it is calling
VCWD_ACCESS, but only
under WIN32.
Using access() rather than doing a computation based on access modes is
the
"Right Thing To Do", since most modern OSs support significantly more
complex
security architectures than can be expressed using traditional unix
permissions.
And frankly, how the OS' security model works in not something PHP
should be concerned with.
It should simply ask the OS to do all that working out for it...
Cheers
Simon Kissane
Simon Kissane
Web Developer/Programmer
Macquarie University 2109
Simon.Kissane@mq.edu.au
+61 2 9850 6552
Simon Kissane wrote:
Bug #14923 concerns PHP's is_writable, etc., functions & POSIX ACLs.
Likewise, Bug #30931 concerns the same thing.
This bug has been fixed in CVS as pointed by Bug #34957.
So Bugs #14923, #30931 and #34957 are all finally closed, thanks to Wez.
Regards,
Cristiano Duarte