From d754180768ceb88d6503eb611b91f8153d84da04 Mon Sep 17 00:00:00 2001
From: Alex Dupre
Date: Mon, 16 Oct 2006 09:30:58 +0000
Subject: - fix open_basedir vulnerability in php4 and php5 [1] - add an alert on safe_mode intrinsic insecurity and suggest to install the suhosin extension - enable the suhosin patch by deafult also in php4 Submitted by: Thomas Vogt [1] Obtained from: PHP CVS [1] Approved by: portmgr (clement)
---
lang/php4/files/patch-ext_standard_dir.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 lang/php4/files/patch-ext_standard_dir.c
(limited to 'lang/php4/files/patch-ext_standard_dir.c')
diff --git a/lang/php4/files/patch-ext_standard_dir.c b/lang/php4/files/patch-ext_standard_dir.c
new file mode 100644
index 000000000000..ef819306883b
--- /dev/null
+++ b/lang/php4/files/patch-ext_standard_dir.c
@@ -0,0 +1,20 @@
+--- ext/standard/dir.c.orig Mon Oct 16 06:59:56 2006
++++ ext/standard/dir.c Mon Oct 16 07:00:06 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: dir.c,v 1.109.2.18.2.2 2006/01/01 13:46:57 sniper Exp $ */
++/* $Id: dir.c,v 1.109.2.18.2.3 2006/10/04 23:20:02 iliaa Exp $ */
+
+ /* {{{ includes/startup/misc */
+
+@@ -275,7 +275,7 @@
+ RETURN_FALSE;
+ }
+
+- if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
++ if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ ret = VCWD_CHDIR(str);
--
cgit v1.2.3
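Review bot: The combined condition in the second inner hunk (`@@ -275,7 +275,7 @@`) joins two calls with opposite return conventions, a negated `php_checkuid(...)` and an un-negated `php_check_open_basedir(...)`, and nothing in the patch says why. A short comment above the `if`, such as `/* php_check_open_basedir() returns non-zero when str lies outside open_basedir */`, would stop a later edit from "correcting" the missing `!` and silently disabling the restriction. The check is made on the path string and `VCWD_CHDIR(str)` resolves that string again afterwards, so the restriction presumably holds only while the path's components stay unchanged between the two calls; that limit is worth stating in the same comment. The first inner hunk only rewrites the `$Id$` keyword line and could be dropped from the port patch, since it changes no behaviour and adds a hunk that can fail to apply. The enclosing function starts and ends outside the hunk.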