Bug #17157 Updated: fopen can bypass safe_mode

rasmus Sat, 11 May 2002 12:44:45 -0700

 ID:               17157
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Duplicate
 Bug Type:         Scripting Engine problem
 Operating System: Linux 2.4.18
 PHP Version:      4.2.0
 New Comment:


Same bug as 17156 - fixed in CVS


Previous Comments:
------------------------------------------------------------------------

[2002-05-11 15:51:17] [EMAIL PROTECTED]

If a readfile() function is passed 3rd parameter, which normally
indicated that the file should be opened from the "include_path", it
can by pass safe_mode limitations.

ex.

<?php
fpassthru(fopen("/etc/passwd", "r", 1));
?>

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=17157&edit=1

Bug #17157 Updated: fopen can bypass safe_mode

Reply via email to