You are here: PHP 4 security File Access Issue on AIX « PHP Language « IT news, forums, messages
PHP 4 security File Access Issue on AIX

Posted by Alex Lirus on 06/22/07 08:27

Hi.
We are facing a problem with an old PHP application.

The application browse the local server directory in order to show to
the
client browser file info and data.

When we remove all the grants from "others", from any of the
directoryes or the
tree involved, or the files themself, the progam pop up with the
error:

------
Warning: opendir(/appl/apt000/pt0/include/p/): failed to open dir:
Permission denied in /appl/estion/AE/web/html/sources/filed/
gestioneOggetti.php on line 337
------


The PHP script line involved is
$hd=opendir($dir);
with $dir="/appl/apt000/pt0/include/p/"

This is the directory list where no "others" permissions are granted:

[aspt000@svuni330:/appl/apt000/pt0/include]#> ls -al p
drwxrwx--- 2 aspt000 aspt000 4096 Apr 19 12:52 p

If the directory gets backs the grants for "others"

[aspt000@svuni330:/appl/apt000/pt0/include]#> ls -al p
drwxrwxrwx 2 aspt000 aspt000 4096 Apr 19 12:52 p

evrything goes fine.

The user runnig the web server is in the same group (aspt000) (but is
not the
owner) of any of the dirs/files involved.

If we run a simple PHP script

We are using
- AIX 3.5
- PHP Version 4.3.8
- PHP API 20020918
- PHP Extension 20020429
- Zend Extension 20021010
- Thread Safety disabled
- Apache/1.3.33 (Unix) mod_ssl/2.8.24 OpenSSL/0.9.8d PHP/4.3.8
- Apache Release 10333100
- Apache API Version 19990320

We want to tighten the security on the machine so we have to remove
the "others"
grants, but in other hand we don't want to face a PHP upgrade to a
newer version.

Any suggestions ?

Thanks.

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация