ports/86608: Enhancement to allow dynamic open_basedir when using Virtual Dynamic Hosts with php5/apache
Lee Brotherston
freebsd at antispam.nerds.org.uk
Mon Sep 26 18:30:17 UTC 2005
>Number: 86608
>Category: ports
>Synopsis: Enhancement to allow dynamic open_basedir when using Virtual Dynamic Hosts with php5/apache
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 26 18:30:15 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Lee Brotherston
>Release: 5.2.1-RELEASE-p9
>Organization:
n/a
>Environment:
FreeBSD furby.nerds.org.uk 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #2: Thu Jul 15 09:16:55 BST 2004 lee at xxxx.nerds.org.uk:/usr/obj/usr/src/sys/FURBY i386
>Description:
A problem which crops up again and again with php is when using vhosts a user wants to do something like:
<VirtualHost 82.70.196.65:80>
VirtualDocumentRoot /data/www/%0
ServerName %0
php_admin_value open_basedir %0
</VirtualHost>
Which works... apart from the open_basedir as apache does not expand the %0. The patch means that the keyphrase of VIRTUAL_DOCUMENT_ROOT will dynamically set the basedir to the VirtualDocumentRoot, which for security reasons is a good thing :)
I cannot claim to have written this patch I found it on a forum (http://www.phpbuilder.com/lists/php-developer-list/2000101/0994.php) written by Jason Greene. I merely tweaked it to work with the lang/php5 port.
>How-To-Repeat:
>Fix:
--- main/fopen_wrappers.c.orig Sun Sep 25 22:25:20 2005
+++ main/fopen_wrappers.c Sun Sep 25 22:28:40 2005
@@ -95,8 +95,18 @@
char resolved_name[MAXPATHLEN];
char resolved_basedir[MAXPATHLEN];
char local_open_basedir[MAXPATHLEN];
+ char *local_open_basedir_sub; /* Substring pointer for strstr */
int resolved_basedir_len;
int resolved_name_len;
+
+ if ((strcmp(PG(open_basedir), "VIRTUAL_DOCUMENT_ROOT") == 0) &&
+ SG(request_info).path_translated && *SG(request_info).path_translated ) {
+
+ strlcpy(local_open_basedir, SG(request_info).path_translated, sizeof(local_open_basedir));
+ local_open_basedir_sub=strstr(local_open_basedir,SG(request_info).request_uri);
+ /* Now insert null to break apart the string */
+ if (local_open_basedir_sub) *local_open_basedir_sub = '\0';
+ } else
/* Special case basedir==".": Use script-directory */
if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list