Re: [cgiwrap-users] cgiwrap and php
Brought to you by:
nneul
Menu
▾
▴
Re: [cgiwrap-users] cgiwrap and php
|
From: Jack O. <ja...@he...> - 2001-08-29 08:28:08
|
Piotr Klaban wrote:
>
> On Wed, Aug 29, 2001 at 09:45:24AM +1000, Jack Olszewski wrote:
> > <b>Warning</b>: SAFE MODE Restriction in effect. The script whose
> > uid is 99 is not allowed to access /www/dran/index.php owned by uid
> > 502 in <b>/home/dran//E/runphp.cgi</b> on line <b>5</b><br>
> > ...
> > ---------------------------------------------------------------------
> >
> > The question is why php sees the uid of /home/dran//E/runphp.cgi as
> > still 99 despite its change into 502 by cgiwrap.
> >
> > Hope someone might be able to explain,
>
> I will try to.
>
> 1. The message is not from cgiwrap, but from php - that is clear.
> Then it is probably not cgiwrap related, the OT.
> 2. You have in line 5 of /home/dran//E/runphp.cgi
> something like
> require('/www/dran/index.php');
> where /www/dran/index.php is owned by 502 and /home/dran//E/runphp.cgi
> is owned by 99.
>
Yes, exactly.
> 3. Lets check it a while:
>
> % cat > testres.php
> <?php
> require('/etc/passwd');
> ?>
>
> % php -f testres.php
> PHP Warning: SAFE MODE Restriction in effect. The script whose
> uid is 202 is not allowed to access /etc/passwd owned by uid
> 0 in testres.php on line 2
>
Of course, if run directly rather than by cgiwrap.
> % ls -lan testres.php /etc/passwd
> -rw-r--r-- 1 0 0 x Aug 27 09:43 /etc/passwd
> -rw-r--r-- 1 202 200 33 Aug 29 09:37 testres.php
>
> For running the php programs from the cgiwrap, you can try
> the patch available at:
> http://www.klaban.torun.pl/patches/cgiwrap/
It's been my suspicion all along that cgiwrap should know about php,
as it knows about perl (see --with-perl).
> But I need to check if it compiles cleanly with the last cgiwrap
> release - the most recent will be available today.
>
Eagerly awaiting,
--
Jack
ps Piotr, you might be interested to know the full name of my test
user dran, Zimny Dran :)
|