ID: 33723
User updated by: ezmlm at mail dot ru
Reported By: ezmlm at mail dot ru
-Status: Feedback
+Status: Open
Bug Type: Apache related
Operating System: Linux
PHP Version: 5CVS-2005-07-18
New Comment:
This problem does not exist in the php5 module for Apache2. It only exists
in the php5 module for Apache1 because those are completely different
modules.
Using php_admin_value safe_mode 1 didn't change anything.
Again, the steps to reproduce the problem:
Apache 1.3.33 is configured with ./configure --enable-module=so
and installed with make && make install
PHP is configured with ./configure
--with-apxs=/usr/local/apache/bin/apxs
then installed with make && make install
In httpd.conf added:
AddType application/x-httpd-php .php .phtml
php_admin_value safe_mode on
In <Directory "/usr/local/apache/htdocs"> section set
AllowOverride Options to allow php_flag and php_value in .htaccess
In /usr/local/apache/htdocs created info.phtml:
<?php
system('cat /etc/passwd');
phpinfo();
?>
The result is that safe_mode is ON and content of /etc/passwd IS NOT
displayed.
Now create .htaccess in /usr/local/apache/htdocs:
php_flag safe_mode off
The result is that phpinfo() shows safe_mode is OFF and content of
/etc/passwd IS displayed.
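
An added example, not part of the original report or of PHP: a small audit that walks a document root and lists every .htaccess line that sets safe_mode through php_flag or php_value, which is the override described in the steps above. The names WATCHED, ON_VALUES, scan_htaccess, audit_docroot and demo are assumptions of this sketch, and the sample document root is constructed.

```python
import os
import re
import tempfile

DIRECTIVE = re.compile(r"^\s*(php_flag|php_value)\s+(\S+)\s+(.*?)\s*$", re.I)
WATCHED = {"safe_mode"}   # settings pinned with php_admin_value in httpd.conf
ON_VALUES = {"on", "1"}   # simplification: any other value counts as weakening

def scan_htaccess(text):
    """Return (line_no, directive, setting, value) for each watched override."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m and m.group(2).lower() in WATCHED:
            value = m.group(3).strip("\"'")
            hits.append((n, m.group(1).lower(), m.group(2).lower(), value))
    return hits

def audit_docroot(root):
    """Walk a document root and report every .htaccess override found."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic report order
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for n, directive, setting, value in scan_htaccess(fh.read()):
                    findings.append({
                        "file": os.path.relpath(path, root), "line": n,
                        "directive": directive, "setting": setting,
                        "value": value, "weakens": value.lower() not in ON_VALUES,
                    })
    return findings

def demo():
    """Constructed docroot: the override from the report plus two other files."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            ".": "# constructed sample\nphp_flag safe_mode off\n",
            "app": "php_value upload_max_filesize 2M\n",
            "shop": "PHP_Value safe_mode 1\n",
        }
        for sub, body in samples.items():
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, ".htaccess"), "w") as fh:
                fh.write(body)
        return audit_docroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Pointing audit_docroot() at the real document root (here /usr/local/apache/htdocs) shows which directories carry a safe_mode line; on a build that behaves as in this report, each entry with weakens set to True is a directory where the httpd.conf setting is not the one in effect.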
Previous Comments:
------------------------------------------------------------------------
[2005-07-19 00:45:21] [EMAIL PROTECTED]
Try change that php_admin_value line in httpd.conf to this:
php_admin_value safe_mode 1
------------------------------------------------------------------------
[2005-07-19 00:43:19] [EMAIL PROTECTED]
I can't reproduce this override problem when using Apache2.
------------------------------------------------------------------------
[2005-07-19 00:37:23] [EMAIL PROTECTED]
Solved. I had wrong permissions and owners set on the path and script I
used. safe-mode works as expected.
------------------------------------------------------------------------
[2005-07-18 19:18:20] [EMAIL PROTECTED]
I can't get safe-mode to work at all when using PHP CVS HEAD (5.1-dev).
No matter where I set it, be it php.ini or httpd.conf
------------------------------------------------------------------------
[2005-07-18 10:35:56] ezmlm at mail dot ru
I've tried. safe_mode is really turned off. I can use system and exec
and read other users' files that are readable by apache.
For instance, system('cat /etc/passwd') works fine.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/33723