Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 26 Sep 2005 18:28:12 GMT
From:      Lee Brotherston <freebsd@antispam.nerds.org.uk>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/86608: Enhancement to allow dynamic open_basedir when using Virtual Dynamic Hosts with php5/apache
Message-ID:  <200509261828.j8QISCSH087124@www.freebsd.org>
Resent-Message-ID: <200509261830.j8QIUF9i091029@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         86608
>Category:       ports
>Synopsis:       Enhancement to allow dynamic open_basedir when using Virtual Dynamic Hosts with php5/apache
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 26 18:30:15 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Lee Brotherston
>Release:        5.2.1-RELEASE-p9
>Organization:
n/a
>Environment:
FreeBSD furby.nerds.org.uk 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #2: Thu Jul 15 09:16:55 BST 2004    lee@xxxx.nerds.org.uk:/usr/obj/usr/src/sys/FURBY  i386

>Description:
A problem which crops up again and again with php is when using vhosts a user wants to do something like:

<VirtualHost 82.70.196.65:80>
    VirtualDocumentRoot /data/www/%0
    ServerName %0
    php_admin_value open_basedir %0
</VirtualHost>

Which works... apart from the open_basedir as apache does not expand the %0.  The patch means that the keyphrase of VIRTUAL_DOCUMENT_ROOT will dynamically set the basedir to the VirtualDocumentRoot, which for security reasons is a good thing :)

I cannot claim to have written this patch I found it on a forum (http://www.phpbuilder.com/lists/php-developer-list/2000101/0994.php) written by Jason Greene.  I merely tweaked it to work with the lang/php5 port.
>How-To-Repeat:
      
>Fix:
--- main/fopen_wrappers.c.orig  Sun Sep 25 22:25:20 2005
+++ main/fopen_wrappers.c       Sun Sep 25 22:28:40 2005
@@ -95,8 +95,18 @@
        char resolved_name[MAXPATHLEN];
        char resolved_basedir[MAXPATHLEN];
        char local_open_basedir[MAXPATHLEN];
+       char *local_open_basedir_sub; /* Substring pointer for strstr */
        int resolved_basedir_len;
        int resolved_name_len;
+
+       if ((strcmp(PG(open_basedir), "VIRTUAL_DOCUMENT_ROOT") == 0) &&
+               SG(request_info).path_translated && *SG(request_info).path_translated  ) {
+
+               strlcpy(local_open_basedir, SG(request_info).path_translated, sizeof(local_open_basedir));
+               local_open_basedir_sub=strstr(local_open_basedir,SG(request_info).request_uri);
+               /* Now insert null to break apart the string */
+               if (local_open_basedir_sub) *local_open_basedir_sub = '\0';
+       } else

        /* Special case basedir==".": Use script-directory */
        if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509261828.j8QISCSH087124>