Posted by Rocky Zhou on 03/21/07 12:27

Today I found a problem, when I wrote a section of PHP code like this:

<?php
$fp = fopen("/etc/passwd","r");
if($fp)
{
echo 'ok!';
$result = fread($fp,
8192);
return $result;
echo $result;
}
else
{
echo 'no!';
}
?>

I found that it realy can read the passwd file! I'm not very familiar
with PHP, so I don't know is there any configuration options to limit
this behavior(in php.ini)? I think it isn't the apache problem, so it
do no favor to modify httpd.conf, is it?

I googled and get some infomation like 'open_basedir' parameter. But
my LAMP sites have many virtual host, every host blongs to different
user, his/her 'DocumentRoot' belongs to a system user like this:
ls /www/users -l
drwx--x--x 17 user_elnzpjps ftpd 4096 Mar 13 16:42 test11.com
So I think it is not a good idea to make open_basedir to be 'www/
users', because it's a problem when one user can read the files of
another.

So, what is the resolution?

Thank you.

• Next in forum: Re: php program can read /etc/passwd?
• Prev in forum: Re: concatination & single quote
• Thread view: php program can read /etc/passwd?

[Reply to this message]