Re: [cgiwrap-users] cgiwrap and php
Brought to you by:
nneul
From: Jack O. <ja...@he...> - 2001-08-29 08:28:08
|
Piotr Klaban wrote: > > On Wed, Aug 29, 2001 at 09:45:24AM +1000, Jack Olszewski wrote: > > <b>Warning</b>: SAFE MODE Restriction in effect. The script whose > > uid is 99 is not allowed to access /www/dran/index.php owned by uid > > 502 in <b>/home/dran//E/runphp.cgi</b> on line <b>5</b><br> > > ... > > --------------------------------------------------------------------- > > > > The question is why php sees the uid of /home/dran//E/runphp.cgi as > > still 99 despite its change into 502 by cgiwrap. > > > > Hope someone might be able to explain, > > I will try to. > > 1. The message is not from cgiwrap, but from php - that is clear. > Then it is probably not cgiwrap related, the OT. > 2. You have in line 5 of /home/dran//E/runphp.cgi > something like > require('/www/dran/index.php'); > where /www/dran/index.php is owned by 502 and /home/dran//E/runphp.cgi > is owned by 99. > Yes, exactly. > 3. Lets check it a while: > > % cat > testres.php > <?php > require('/etc/passwd'); > ?> > > % php -f testres.php > PHP Warning: SAFE MODE Restriction in effect. The script whose > uid is 202 is not allowed to access /etc/passwd owned by uid > 0 in testres.php on line 2 > Of course, if run directly rather than by cgiwrap. > % ls -lan testres.php /etc/passwd > -rw-r--r-- 1 0 0 x Aug 27 09:43 /etc/passwd > -rw-r--r-- 1 202 200 33 Aug 29 09:37 testres.php > > For running the php programs from the cgiwrap, you can try > the patch available at: > http://www.klaban.torun.pl/patches/cgiwrap/ It's been my suspicion all along that cgiwrap should know about php, as it knows about perl (see --with-perl). > But I need to check if it compiles cleanly with the last cgiwrap > release - the most recent will be available today. > Eagerly awaiting, -- Jack ps Piotr, you might be interested to know the full name of my test user dran, Zimny Dran :) |