ports/86608: Enhancement to allow dynamic open_basedir when using Virtual Dynamic Hosts with php5/apache

Lee Brotherston freebsd at antispam.nerds.org.uk
Mon Sep 26 18:30:17 UTC 2005 

>Number:         86608
>Category:       ports
>Synopsis:       Enhancement to allow dynamic open_basedir when using Virtual Dynamic Hosts with php5/apache
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 26 18:30:15 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Lee Brotherston
>Release:        5.2.1-RELEASE-p9
>Organization:
n/a
>Environment:
FreeBSD furby.nerds.org.uk 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #2: Thu Jul 15 09:16:55 BST 2004    lee at xxxx.nerds.org.uk:/usr/obj/usr/src/sys/FURBY  i386

>Description:
A problem which crops up again and again with php is when using vhosts a user wants to do something like:

<VirtualHost 82.70.196.65:80>
    VirtualDocumentRoot /data/www/%0
    ServerName %0
    php_admin_value open_basedir %0
</VirtualHost>

Which works... apart from the open_basedir as apache does not expand the %0.  The patch means that the keyphrase of VIRTUAL_DOCUMENT_ROOT will dynamically set the basedir to the VirtualDocumentRoot, which for security reasons is a good thing :)

I cannot claim to have written this patch I found it on a forum (http://www.phpbuilder.com/lists/php-developer-list/2000101/0994.php) written by Jason Greene.  I merely tweaked it to work with the lang/php5 port.
>How-To-Repeat:
      
>Fix:
--- main/fopen_wrappers.c.orig  Sun Sep 25 22:25:20 2005
+++ main/fopen_wrappers.c       Sun Sep 25 22:28:40 2005
@@ -95,8 +95,18 @@
        char resolved_name[MAXPATHLEN];
        char resolved_basedir[MAXPATHLEN];
        char local_open_basedir[MAXPATHLEN];
+       char *local_open_basedir_sub; /* Substring pointer for strstr */
        int resolved_basedir_len;
        int resolved_name_len;
+
+       if ((strcmp(PG(open_basedir), "VIRTUAL_DOCUMENT_ROOT") == 0) &&
+               SG(request_info).path_translated && *SG(request_info).path_translated  ) {
+
+               strlcpy(local_open_basedir, SG(request_info).path_translated, sizeof(local_open_basedir));
+               local_open_basedir_sub=strstr(local_open_basedir,SG(request_info).request_uri);
+               /* Now insert null to break apart the string */
+               if (local_open_basedir_sub) *local_open_basedir_sub = '\0';
+       } else

        /* Special case basedir==".": Use script-directory */
        if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list