ID: 45997
Updated by: paj...@php.net
Reported By: johannesdahse at gmx dot de
-Status: Assigned
+Status: Closed
Bug Type: Safe Mode/open_basedir
Operating System: win32 only
PHP Version: 5.2.6
Assigned To: pajoye
New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------

[2008-09-04 19:03:37] johannesdahse at gmx dot de

Description:
------------
safe_mode bypass with a preceding backslash. Tested with exec(), system() and passthru(). On Windows only.

Sorry, I do feel this bug concerns a security issue but I got no response from secur...@php.net after sending 2 emails from 2 different accounts about 6 weeks ago.

Reproduce code:
---------------
On the command line:

php -n -d safe_mode=on -r "exec('\ping 192.168.222.1');"

With a PHP script and safe_mode enabled in php.ini:

<? exec('\ping 192.168.222.1'); ?>

Expected result:
----------------
safe_mode turned on should block code execution from exec() and other functions.

Actual result:
--------------
By adding a backslash in front of the command the command got executed anyhow.

------------------------------------------------------------------------
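An added, hypothetical validator (not PHP's safe_mode code and not the fix referenced above) illustrating the class of check this report exercises: on Windows both `\` and `/` introduce a path, so a wrapper that only intends to launch bare, allowlisted program names must recognise the reporter's `\ping` as a path and refuse it. The ALLOWED_PROGRAMS set and the policy itself are assumptions made for the example.

```python
import ntpath

# Constructed allowlist for this example: bare program names that a
# hypothetical safe_mode-style exec wrapper is willing to launch.
ALLOWED_PROGRAMS = {"ping", "ipconfig"}


def program_token(cmdline):
    """Return the program part of a Windows command line: a leading
    double-quoted token is taken whole, otherwise the first
    whitespace-delimited token."""
    cmdline = cmdline.lstrip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    parts = cmdline.split(None, 1)
    return parts[0] if parts else ""


def check_command(cmdline):
    """Decide whether cmdline may run. Returns (allowed, reason).

    Hypothetical policy: only a bare, allowlisted program name is
    accepted. Any drive, UNC or directory component is rejected, and
    both '/' and '\\' count as separators because Windows accepts
    either one (the hole behind a check that only looks for '/')."""
    token = program_token(cmdline)
    if not token:
        return False, "empty command"
    drive, rest = ntpath.splitdrive(token)
    if drive:
        return False, "drive or UNC prefix in %r" % token
    # ntpath.basename strips directories written with either separator;
    # if that changes the token, a separator was present (e.g. '\\ping').
    if ntpath.basename(rest) != rest:
        return False, "directory component in %r" % token
    if token.lower() not in ALLOWED_PROGRAMS:
        return False, "program %r not allowlisted" % token
    return True, "ok"


if __name__ == "__main__":
    for cmd in ("ping 192.168.222.1", "\\ping 192.168.222.1",
                "/ping 192.168.222.1", '"\\ping" 192.168.222.1'):
        print("%-28r -> %s" % (cmd, check_command(cmd)))
```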