BUGTRAQ ID: 32383

PHP is a widely used general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

When safe_mode is enabled globally in php.ini:

    safe_mode = On

and is additionally declared per directory with php_admin_flag:

    <Directory "/www">
    ...
    php_admin_flag safe_mode On
    </Directory>

then creating a PHP script in /www/ that calls:

    ini_set("error_log", "/hack/");

or placing the following line in /www/.htaccess:

    php_value error_log "/hack/bleh.php"

produces:

    Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 80 is not \
    allowed to access /hack/ owned by uid 1001 in Unknown on line 0

    Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script \
    whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php \
    on line 4

The first warning (reported in "Unknown on line 0", i.e. while the per-directory INI values are applied at startup) appears because safe_mode is already on from php.ini, so the error_log path coming from .htaccess is checked against the script owner's uid. If safe_mode is instead enabled only in httpd.conf with:

    php_admin_flag safe_mode On

only the second warning appears:

    Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script \
    whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php \
    on line 4

The ini_set() call is still blocked, but the .htaccess directive php_value error_log "/hack/blehx.php" is accepted without any ownership check, so PHP's error log is redirected to a path the script would otherwise be forbidden to access. This bypasses the safe_mode restriction.

Affected: PHP 5.2.6
Vendor: PHP

---

The vendor has released an updated release that fixes this security issue; download it from the vendor's site:
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1315&view=markup
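The following audit helper is an added example, not part of the advisory and not PHP or Apache code. It checks, on a host's own files, for the three ingredients of the bypass described above: safe_mode not enabled in php.ini, safe_mode enabled only per directory with php_admin_flag in httpd.conf, and an .htaccess under the document root that overrides error_log with php_value. The php.ini, httpd.conf and document-root paths are arguments; the function name and messages are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): audit for the safe_mode / error_log
# misconfiguration on PHP 5.2.6 behind Apache.
#   $1 = php.ini, $2 = httpd.conf (or the included vhost file), $3 = document root
# Returns 0 when the configuration is not affected by this issue, 1 when all
# three conditions hold. Findings are printed one per line.

audit_safe_mode_error_log() {
    php_ini="$1"
    httpd_conf="$2"
    docroot="$3"

    # 1. An uncommented "safe_mode = On" (or 1/true/yes) in php.ini: the
    #    .htaccess error_log path is then checked at startup (first warning
    #    in the advisory), so the bypass does not apply.
    if grep -Eiq '^[[:space:]]*safe_mode[[:space:]]*=[[:space:]]*(on|1|true|yes)' "$php_ini"; then
        echo "INFO: safe_mode is enabled globally in $php_ini; php_value error_log overrides are checked at startup"
        return 0
    fi

    # 2. safe_mode turned on only per directory with php_admin_flag.
    if ! grep -Eiq '^[[:space:]]*php_admin_flag[[:space:]]+safe_mode[[:space:]]+on' "$httpd_conf"; then
        echo "INFO: safe_mode is not enabled via php_admin_flag in $httpd_conf; this issue does not apply"
        return 0
    fi
    echo "WARN: safe_mode is enabled only via php_admin_flag in $httpd_conf, not in $php_ini"

    # 3. Any .htaccess below the document root that sets error_log with php_value.
    #    grep -l exits 1 when nothing matches and find propagates that status;
    #    an empty result is handled below, so the non-zero status is ignored.
    hits=$(find "$docroot" -name .htaccess -type f \
           -exec grep -Eil '^[[:space:]]*php_value[[:space:]]+error_log[[:space:]]' {} + 2>/dev/null) || true

    if [ -z "$hits" ]; then
        echo "INFO: no .htaccess under $docroot overrides error_log"
        return 0
    fi

    printf '%s\n' "$hits" | while read -r f; do
        echo "FINDING: $f sets error_log with php_value; on PHP 5.2.6 this path is not subject to the safe_mode owner check"
    done
    return 1
}

# Usage: audit_safe_mode_error_log /etc/php.ini /etc/httpd/httpd.conf /www
```

Where the function reports a finding, the fix is the vendor release linked above. Until the upgrade is applied, enabling safe_mode in php.ini (the first configuration in the advisory) makes PHP check the .htaccess error_log path at startup, and an AllowOverride value for the directory that excludes Options prevents .htaccess from setting php_value at all. Note that safe_mode was deprecated in PHP 5.3.0 and removed in 5.4.0, so it cannot be relied on as a boundary on any later release.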