[php-maint] Bug#229891: marked as done (php4: open_basedir restriction + symlinks problem)

Debian Bug Tracking System owner at bugs.debian.org
Sat Aug 13 12:33:10 UTC 2005 

Your message dated Sat, 13 Aug 2005 14:20:32 +0200
with message-id <1123935632.12147.71.camel at maple.active24.cz>
and subject line php4: open_basedir restriction + symlinks problem
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Jan 2004 10:44:19 +0000
>From root at mantra.bgit.net Tue Jan 27 02:44:19 2004
Return-path: <root at mantra.bgit.net>
Received: from mantra.online.bg (mantra.bgit.net) [217.75.128.129] 
	by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
	id 1AlQhb-0008JN-00; Tue, 27 Jan 2004 02:44:17 -0800
Received: (qmail 24794 invoked by uid 0); 27 Jan 2004 10:43:56 -0000
Message-ID: <20040127104356.24793.qmail at mantra.bgit.net>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Valery Dachev <valery at mantra.bgit.net>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: php4: open_basedir restriction + symlinks problem
X-Mailer: reportbug 2.37
Date: Tue, 27 Jan 2004 12:43:56 +0200
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_01_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no 
	version=2.60-bugs.debian.org_2004_01_25
X-Spam-Level: 

Package: php4
Version: 4:4.3.3-4
Severity: normal
Tags: security

I have the following problem: my /home partition is mounted in /mnt/home
and I have symlinked: "ln -s /mnt/home /home". That's OK ! Now I have
some users in /home and their sites in it, let's say the user "valery".
	Homedir: /home/staff/valery
	Sitesdir: /home/staff/valery/sites
	Docroot: /home/staff/valery/sites/valery.bgit.net/htdocs
So, I put an open_basedir restriction like this one:
	php_admin_value open_basedir    "/home/staff/valery/sites/"
I've got the following test script:
	<? fopen( '/home/staff/valery/sites/test.txt', 'w+' ) ?>
And I have the following message:
	Warning: fopen(): open_basedir restriction in effect.
	file(/home/staff/valery/sites/test.txt) is not within the allowed
	path(s): (/home/staff/valery/sites/) in
	/mnt/home/staff/valery/sites/valery.bgit.net/htdocs/test.php on line 2
You can see that the error message by itself looks quite absurd. The
problem IS in symlinks. I saw this bug reported to PHP website, but at
least in the Debian version it doesn't seems to be fixed. The only
solution is to mount the home partition directly in /home, as changing
the paths to /mnt/home/... doesn't help, as users use /home/... paths in
their websites). There's a way this can be patched, but I was unable to
do that. Thanks in advance !

Best regards,
Valery Dachev

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux mantra 2.4.23-ow1 #2 Tue Dec 2 02:53:25 EET 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages php4 depends on:
ii  apache-common               1.3.29.0.1-3 Support files for all Apache webse
ii  debconf                     1.3.22       Debian configuration management sy
ii  libbz2-1.0                  1.0.2-1      A high-quality block-sorting file 
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libdb4.1                    4.1.25-16    Berkeley v4.1 Database Libraries [
ii  libexpat1                   1.95.6-6     XML parsing C library - runtime li
ii  libmm13                     1.3.0-1      Shared memory library - runtime
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libpcre3                    4.3-4        Philip Hazel's Perl 5 Compatible R
ii  mime-support                3.24-1       MIME files 'mime.types' & 'mailcap
ii  zlib1g                      1:1.2.1-3    compression library - runtime

-- debconf information:
  php4/update_apache_php_ini: true


---------------------------------------
Received: (at 229891-done) by bugs.debian.org; 13 Aug 2005 12:20:21 +0000
>From ondrej at sury.org Sat Aug 13 05:20:21 2005
Return-path: <ondrej at sury.org>
Received: from mail.active24.cz [81.95.104.4] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E3uzt-0004yX-00; Sat, 13 Aug 2005 05:20:21 -0700
Received: from [192.168.1.2] (r4v190.chello.upc.cz [84.42.149.190])
	by mail.active24.cz (Postfix) with ESMTP id C6D3528000AF
	for <229891-done at bugs.debian.org>; Sat, 13 Aug 2005 14:23:45 +0200 (CEST)
Subject: Re: php4: open_basedir restriction + symlinks problem
From: Ondrej Sury <ondrej at sury.org>
To: 229891-done at bugs.debian.org
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-DfJ1CL4bV9nnnTeYEArF"
Date: Sat, 13 Aug 2005 14:20:32 +0200
Message-Id: <1123935632.12147.71.camel at maple.active24.cz>
Mime-Version: 1.0
X-Mailer: Evolution 2.3.7 
Delivered-To: 229891-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02


--=-DfJ1CL4bV9nnnTeYEArF
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

According to: http://bugs.php.net/bug.php?id=3D14076

It was fixed long ago.  I tested it on sarge and sid, by adding
open_basedir =3D /var/www/ and symlinking /var/www to /var/www.xxx/ and
file was created ok.

if you can reproduce it, feel free to reopen this bug and add test case.

O.
--=20
Ondrej Sury <ondrej at sury.org>

--=-DfJ1CL4bV9nnnTeYEArF
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBC/eWQ9OZqfMIN8nMRAhM6AJ9adUrM+WLfyRsSIJ157Dc3WdNEEACeJp5Y
ARic08gSiPa9VnqfXPuRX3o=
=gnHU
-----END PGP SIGNATURE-----

--=-DfJ1CL4bV9nnnTeYEArF--

More information about the pkg-php-maint mailing list