ID: 22270 Updated by: [email]iliaaphp.net[/email] Reported By: zlo at canada dot com -Status: Assigned +Status: No Feedback Bug Type: CGI related Operating System: RedHat 7.2 PHP Version: 4CVS-2003-02-18 (stable) Assigned To: shane Previous Comments: ------------------------------------------------------------------------ [2003-05-26 18:26:19] [email]sniperphp.net[/email] Does this happen with latest stable snapshot from snaps.php.net ? ------------------------------------------------------------------------ [2003-02-19 10:06:04] zlo at canada dot com here is my configure: ../configure' '--with-config-file-path=/path/to/php' '--prefix=/path/to/php-test' '--enable-force-cgi-redirect' '--disable-cli' '--enable-bcmath' '--enable-trans-sid' '--with-zlib-dir=/build/zlib-1.1.4' '--with-mysql=/usr/local' i also put cgi.fix_pathinfo in php.ini, doesn't help. ------------------------------------------------------------------------ [2003-02-19 01:09:34] [email]shanephp.net[/email] This has happened for some time, it's a big part of what prompted my starting on rewriting cgi stuff. ...
#22270 [Asn->NoF]: cgi binary ps itself when called directly ID: 22270
Updated by: [email]iliaaphp.net[/email]
Reported By: zlo at canada dot com
-Status: Assigned
+Status: No Feedback
Bug Type: CGI related
Operating System: RedHat 7.2
PHP Version: 4CVS-2003-02-18 (stable)
Assigned To: shane
Previous Comments:
------------------------------------------------------------------------
[2003-05-26 18:26:19] [email]sniperphp.net[/email]
Does this happen with latest stable snapshot from snaps.php.net ?
------------------------------------------------------------------------
[2003-02-19 10:06:04] zlo at canada dot com
here is my configure:
../configure' '--with-config-file-path=/path/to/php'
'--prefix=/path/to/php-test' '--enable-force-cgi-redirect'
'--disable-cli' '--enable-bcmath' '--enable-trans-sid'
'--with-zlib-dir=/build/zlib-1.1.4' '--with-mysql=/usr/local'
i also put cgi.fix_pathinfo in php.ini, doesn't help.
------------------------------------------------------------------------
[2003-02-19 01:09:34] [email]shanephp.net[/email]
This has happened for some time, it's a big part of what prompted my
starting on rewriting cgi stuff. It shouldn't happen with 4.3 if
cgi.fix_pathinfo=1, or if you don't compile with discard-path.
------------------------------------------------------------------------
[2003-02-18 07:29:10] zlo at canada dot com
when PHP cgi binary is called from cgi-bin without cgi-redirect, it
ps itself (argv[0] of the binary, whatever that happens to be)! i
don't think it represents much of a security problem (it still does to
some extent, because it reveals path to php and default settings), and
no sane person will run the cgi binary without cgi-redirect, but i
don't think its the way its supposed to be either..
here is a simple example; this also works with the php binary itself in
place of this binary.
this results in some binary output and the typical phpinfo() page in
the middle:
# cat php.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
const char *PHP_BINARY="/path/to/php/bin/php";
const char * dummy="<?php phpinfo(); ?>";
int main(int argc, char *argv[]){
execl(PHP_BINARY,argv[0],0);
return 1;
};
p.s. btw this simple wrapper (without the phpinfo() part, or course)
can be used as a workaround for the vulnerability with cgi-redirect
that resulted in the release of 4.3.1 since it removes parameters
before exec'ing php itself..
p.p.s. where can i post "feedback"? i can't seem to find it..
------------------------------------------------------------------------
--
Edit this bug report at [url]http://bugs.php.net/?id=22270&edit=1[/url]
Posting Permissions
Bookmarks