ID: 33723
User updated by: ezmlm at mail dot ru
Reported By: ezmlm at mail dot ru
-Status: Feedback
+Status: Open
Bug Type: Apache related
Operating System: Linux
PHP Version: 5.0.4
New Comment:
I've tried. safe_mode is really turned off. I can use system and exec
and read other users' files that are readable by apache.
For instance, system('cat /etc/passwd') works fine.
Previous Comments:
------------------------------------------------------------------------
[2005-07-18 10:27:18] [EMAIL PROTECTED]
Even if phpinfo() shows that some .ini option has a different value, it's
not necessarily true. Try to do something that "safe" mode should prevent
you from doing.
------------------------------------------------------------------------
[2005-07-18 09:35:18] ezmlm at mail dot ru
The same problem with php5-latest
------------------------------------------------------------------------
[2005-07-18 02:16:29] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5-win32-latest.zip
------------------------------------------------------------------------
[2005-07-16 13:22:11] ezmlm at mail dot ru
Description:
------------
PHP5 for apache 1.3.33 built as DSO allows php_admin_value
(php_admin_flag) options marked as PHP_INI_SYSTEM to be reset in
.htaccess files by using php_value (php_flag). safe_mode, for example.
To demonstrate the problem, in php.ini set safe_mode = Off, and in
httpd.conf set:
    php_admin_value safe_mode on
Get phpinfo to verify that safe_mode is on.
Now create a .htaccess file in document_root containing:
    php_flag safe_mode off
(or even php_flag safe_mode on)
Get phpinfo again and note that safe_mode was reset to off (php.ini
initial value).
------------------------------------------------------------------------
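An audit sketch for the behaviour reported above, added here as an example and not part of the original report or of PHP itself: it lists every php_value/php_flag line in .htaccess files that names an option the server configuration pinned with php_admin_value/php_admin_flag. The sample configuration text, the /var/www/site path and all function names are constructed for illustration.

```python
import re

# Apache directive names are case-insensitive; PHP option names are kept as written.
DIRECTIVE = re.compile(r'^\s*(php_(?:admin_)?(?:value|flag))\s+(\S+)\s+(.*?)\s*$', re.I)

def parse_directives(text):
    """Return (line_no, directive, option, value) for each PHP directive in config text."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # comment lines start with '#', so they never match
        if m:
            found.append((no, m.group(1).lower(), m.group(2), m.group(3).strip('"\'')))
    return found

def locked_options(httpd_conf):
    """Options the administrator pinned with php_admin_value / php_admin_flag."""
    return {opt: val for _, d, opt, val in parse_directives(httpd_conf)
            if d.startswith('php_admin_')}

def find_override_attempts(httpd_conf, htaccess_files):
    """Report php_value/php_flag lines in .htaccess that name an admin-locked option.

    The value is not compared: per the report, even 'php_flag safe_mode on'
    caused the setting to fall back to the php.ini value.
    """
    locked = locked_options(httpd_conf)
    hits = []
    for path, text in htaccess_files.items():
        for no, d, opt, val in parse_directives(text):
            if not d.startswith('php_admin_') and opt in locked:
                hits.append((path, no, opt, locked[opt], val))
    return hits

# Constructed sample input (not taken from a real server).
SAMPLE_HTTPD_CONF = """\
<Directory /var/www/site>
    php_admin_value safe_mode on
    php_value memory_limit 16M
</Directory>
"""
SAMPLE_HTACCESS = {
    "/var/www/site/.htaccess":
        "# constructed sample\nphp_flag safe_mode off\nphp_value memory_limit 32M\n",
}

if __name__ == "__main__":
    for path, no, opt, admin_val, ht_val in find_override_attempts(SAMPLE_HTTPD_CONF, SAMPLE_HTACCESS):
        print(f"{path}:{no}: '{opt}' is admin-locked to '{admin_val}' but .htaccess sets '{ht_val}'")
```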