Ticket #59 (closed defect: fixed)

Opened 4 years ago

Last modified 6 months ago

eaccelerator_dasm_file should check for open-basedir restriction

Reported by: Stadler
Owned by: somebody
Priority: trivial
Milestone: 0.9.5
Component: eAccelerator
Version: 0.9.5
Keywords:
Cc:

Description

eaccelerator_dasm_file doesn't check for the open-basedir restriction. This could be a security issue, because users could possibly see the contents of files they shouldn't be able to view or even access. For example, they could find out passwords of config-files just by looking at the opcodes.

I consider this trivial, since the disassembler is disabled by default and since it requires the permission to use eaccelerator_dasm_file, which should normally only be granted to site admins.

I guess the check should be placed in ea_dasm.c above line #558. The fix seems to be quite simple. Maybe I'll add a patch to it myself if I find the time for it.
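Added example (not eAccelerator's code and not the attached patch): a self-contained C model of the kind of path check the description asks for, applied before a file is handed to a disassembler. The names `normalize` and `path_allowed` are hypothetical, and the model makes two assumptions: it normalises paths lexically only, while PHP also resolves symlinks, and it treats each open_basedir entry as a directory name rather than a raw string prefix.

```c
#include <stdio.h>
#include <string.h>

/* Lexically normalise an absolute path: collapse "//", "." and "..".
 * Simplified model: no symlink resolution is performed here. */
static int normalize(const char *in, char *out, size_t cap) {
    size_t len = 0;
    if (in[0] != '/' || cap < 2) return -1;        /* absolute paths only */
    while (*in) {
        while (*in == '/') in++;                   /* skip separators */
        size_t n = strcspn(in, "/");               /* next component length */
        if (n == 0) break;
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/') {} /* drop last component */
        } else if (!(n == 1 && in[0] == '.')) {
            if (len + n + 2 > cap) return -1;      /* too long: reject */
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* Return 1 if path lies inside one of the ':'-separated directories in
 * basedirs; an empty list means no restriction is configured. */
int path_allowed(const char *path, const char *basedirs) {
    char p[1024], d[1024], entry[1024];
    if (!basedirs || !*basedirs) return 1;
    if (normalize(path, p, sizeof p) != 0) return 0;   /* fail closed */
    while (*basedirs) {
        size_t n = strcspn(basedirs, ":");
        if (n > 0 && n < sizeof entry) {
            memcpy(entry, basedirs, n);
            entry[n] = '\0';
            if (normalize(entry, d, sizeof d) == 0) {
                size_t dl = strlen(d);   /* match on a directory boundary */
                if (dl == 1 || (strncmp(p, d, dl) == 0 &&
                                (p[dl] == '/' || p[dl] == '\0'))) return 1;
            }
        }
        basedirs += n + (basedirs[n] == ':');
    }
    return 0;
}
```

A caller would refuse the request whenever `path_allowed` returns 0, before looking the file up in the cache or reading it.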

Attachments

ea_dasm.c-open_basedir.patch Download (440 bytes) - added by Stadler 4 years ago.

Change History

Changed 4 years ago by Stadler

comment:1 Changed 4 years ago by Stadler

Ok, the attached patch should fix this.

Mmh, maybe this should be added to get_cache_entry instead?

comment:2 Changed 4 years ago by bart

  • Status changed from new to closed
  • Resolution set to fixed

It's good like it is. I've just committed this patch. Thanks!
