#18500 [Com]: Safe mode: php reports wrong uid on file


  1. #1

    #18500 [Com]: Safe mode: php reports wrong uid on file

    ID: 18500
    Comment by: ksvee at usit dot uio dot no
    Reported By: b dot courtin at t-online dot net
    Status: No Feedback
    Bug Type: PHP options/info functions
    Operating System: Solaris 2.8
    PHP Version: 4.2.1
    New Comment:

    I still experience this bug for php-4.3.4/apache-1.3.29.

    It seems to have been fixed in 4.2.3 (as this is the only newer version
    of PHP that works for us on Solaris 8 (SunOS Release 5.8)) and
    reintroduced in 4.3.X. From 4.3.0 through 4.3.4 this persists. The
    snapshots tested gave no different results to the releases.

    On Linux (RedHat 7.3 through 9) this has never been a problem. We use a
    non-standard setup, but have the same configure parameters on both
    architectures (with the exception of compiler used; gcc on Linux, cc on
    Solaris).

    I've tried using "--with-apxs=/path/to/apxs --prefix=/path/to/prefix"
    as the only options to configure to no avail.

    Error message from tests today (php-4.3.4 release), using the above
    options to configure:

    PHP Warning: Unknown(): SAFE MODE Restriction in effect. The script
    whose uid is 1 is not allowed to access /full/path/to/script.php owned
    by uid 0 in Unknown on line 0

    From php.ini: safe_mode = On

    'script.php' is owned by root, so what bothers me is that it at one
    point finds that the running script (script.php) has uid=1, and at
    another finds it to be uid=0 (which is correct as fileowner=root =>
    uid=0). Changing owner of script.php does nothing (except getting
    another uid in the error.log), unless that user has uid=1.

    In script.php I do an fopen() on 'file.txt'. After doing a 'chmod 1
    script.php' the script executes, but I get the same error message
    (followed by a PHP Warning that fopen failed) unless I also do a chmod
    on file.txt. When both files have uid=1, the script works.

    Rgds,
    Kenneth Svee


    Previous Comments:
    ------------------------------------------------------------------------

    [2003-02-26 18:48:15] rohan at cs dot rmit dot edu dot au

    Another comment,

    also looks related to 12683, I also have compiled
    in mod_perl 1.x .... will try to compile without
    mod_perl and see what happens

    do I need to submit this as a new bug ? or will
    this one be re-opened ?

    Cheers

    Rohan

    ------------------------------------------------------------------------

    [2003-02-26 18:39:00] rohan at cs dot rmit dot edu dot au

    Also suffering this bug in 4.3.1/apache 1.3.27

    compiled using Sun workshop 7 on Solaris 8 Sparc

    exact same errors, ie

    reported uid always = 1
    reported gid = file's uid

    on all file operations fopen() include etc...

    any progress on this ?

    ------------------------------------------------------------------------

    [2002-12-30 14:28:27] westman dot 2 at osu dot edu

    I have been working with trying to get safe_mode to work for almost a
    week. I have used a number of versions for php, including the recently
    released 4.3.0 and all of them are giving me this same error message.
    I have searched the Internet (Google) as well as bugs.php.net, all to
    no avail.

    In fact, if I have safe_mode on, I am unable to include any file from
    ANY directory, even the cwd, unless it is owned by 1 (even though "."
    is enabled both in the include_path and in the safe_mode_include_dirs
    statements in php.ini):

    Warning: Unknown(): SAFE MODE Restriction in effect. The script whose
    uid/gid is 1/5004 is not allowed to access ./prepend.php owned by
    uid/gid 0/1 in Unknown
    on line 0

    Warning: Unknown(prepend.php): failed to create stream: No such file or
    directory in Unknown on line 0

    Warning: Unknown(): Failed opening 'prepend.php' for inclusion
    (include_path='.:/opt/apache/php:/opt/apache/php/lib:/opt/apache/php/inc')
    in Unknown on line 0

    Is it possible that safe_mode just doesn't work on Solaris?

    ------------------------------------------------------------------------

    [2002-11-09 01:00:07] php-bugs at lists dot php dot net

    No feedback was provided for this bug for over 2 weeks, so it is
    being suspended automatically. If you are able to provide the
    information that was originally requested, please do so and change
    the status of the bug back to "Open".

    ------------------------------------------------------------------------

    [2002-10-24 12:19:21] sniper@php.net

    Please try using this CVS snapshot:

    http://snaps.php.net/php4-latest.tar.gz

    For Windows:

    http://snaps.php.net/win32/php4-win32-latest.zip


    Forget the pre1, use the snapshot. And if it really doesn't work,
    update the version to '4.3.0-dev'.


    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/18500

    --
    Edit this bug report at http://bugs.php.net/?id=18500&edit=1
    ksvee at usit dot uio dot no Guest

  3. #2

    #18500 [Com]: Safe mode: php reports wrong uid on file

    ID: 18500
    Comment by: priappub at yahoo dot fr
    Reported By: b dot courtin at t-online dot net
    Status: No Feedback
    Bug Type: PHP options/info functions
    Operating System: Solaris 2.8
    PHP Version: 4.2.1
    New Comment:

    On Solaris 10 (11/06) with apache 2.0.58 and PHP 5.1.6, I
    have the same problem. It seems like php_getuid() returns 1
    instead of the UID of the script.


    Previous Comments:
    ------------------------------------------------------------------------

    [2003-11-10 12:11:30] ksvee at usit dot uio dot no

    I still experience this bug for php-4.3.4/apache-1.3.29.

    It seems to have been fixed in 4.2.3 (as this is the only newer version
    of PHP that works for us on Solaris 8 (SunOS Release 5.8)) and
    reintroduced in 4.3.X. From 4.3.0 through 4.3.4 this persists. The
    snapshots tested gave no different results to the releases.

    On Linux (RedHat 7.3 through 9) this has never been a problem. We use a
    non-standard setup, but have the same configure parameters on both
    architectures (with the exception of compiler used; gcc on Linux, cc on
    Solaris).

    I've tried using "--with-apxs=/path/to/apxs --prefix=/path/to/prefix"
    as the only options to configure to no avail.

    Error message from tests today (php-4.3.4 release), using the above
    options to configure:

    PHP Warning: Unknown(): SAFE MODE Restriction in effect. The script
    whose uid is 1 is not allowed to access /full/path/to/script.php owned
    by uid 0 in Unknown on line 0

    From php.ini: safe_mode = On

    'script.php' is owned by root, so what bothers me is that it at one
    point finds that the running script (script.php) has uid=1, and at
    another finds it to be uid=0 (which is correct as fileowner=root =>
    uid=0). Changing owner of script.php does nothing (except getting
    another uid in the error.log), unless that user has uid=1.

    In script.php I do an fopen() on 'file.txt'. After doing a 'chmod 1
    script.php' the script executes, but I get the same error message
    (followed by a PHP Warning that fopen failed) unless I also do a chmod
    on file.txt. When both files have uid=1, the script works.

    Rgds,
    Kenneth Svee

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/18500

    --
    Edit this bug report at http://bugs.php.net/?id=18500&edit=1
    priappub at yahoo dot fr Guest
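
An added triage helper, not part of the bug report or of PHP: it parses the two safe-mode warning shapes quoted in this thread and compares the script uid PHP printed with the script file's real owner, which separates this misreport from a legitimate safe-mode denial. The function names and finding labels are assumptions made for the example; the sample warning is copied from the first comment.

```python
import os
import re

# Both warning shapes quoted in the thread: "uid is 1 ... owned by uid 0"
# and "uid/gid is 1/5004 ... owned by uid/gid 0/1".
SAFE_MODE_RE = re.compile(
    r"SAFE MODE Restriction in effect\. The script whose "
    r"uid(?:/gid)? is (?P<script_uid>\d+)(?:/(?P<script_gid>\d+))? "
    r"is not allowed to access (?P<target>\S+) "
    r"owned by uid(?:/gid)? (?P<owner_uid>\d+)(?:/(?P<owner_gid>\d+))?"
)

# Warning text copied from the first comment in the thread.
KSVEE_WARNING = """PHP Warning: Unknown(): SAFE MODE Restriction in effect. The script
whose uid is 1 is not allowed to access /full/path/to/script.php owned
by uid 0 in Unknown on line 0"""


def parse_warning(text):
    """Return the uid/gid fields of one safe-mode warning, or None."""
    match = SAFE_MODE_RE.search(" ".join(text.split()))  # undo line wrapping
    if match is None:
        return None
    return {key: value if key == "target" or value is None else int(value)
            for key, value in match.groupdict().items()}


def diagnose(text, script_path, real_uid=None):
    """Compare the script uid PHP reported with the script file's real owner."""
    warning = parse_warning(text)
    if warning is None:
        return None
    if real_uid is None:
        real_uid = os.stat(script_path).st_uid  # owner according to the filesystem
    findings = []
    if warning["script_uid"] != real_uid:
        findings.append("script-uid-mismatch")
    # If the denied target is the running script itself, both uids in the
    # message describe the same file and must agree.
    same_file = os.path.normpath(warning["target"]) == os.path.normpath(script_path)
    if same_file and warning["script_uid"] != warning["owner_uid"]:
        findings.append("self-contradiction")
    return {"warning": warning, "real_uid": real_uid, "findings": findings}


if __name__ == "__main__":
    print(diagnose(KSVEE_WARNING, "/full/path/to/script.php", real_uid=0))
```

An empty `findings` list means the uid in the warning matches the filesystem, so the denial is safe mode working as configured rather than the misreport described here.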
