Ticket #59 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

eaccelerator_dasm_file should check for open-basedir restriction

Reported by: Stadler
Assigned to: somebody
Priority: trivial
Milestone: 0.9.5
Component: eAccelerator
Version: 0.9.5
Keywords:
Cc:

Description

eaccelerator_dasm_file doesn't check for the open-basedir restriction. This could be a security issue, because users could possibly see the contents of files they shouldn't be able to view or even access. For example, they could find out passwords of config files just by looking at the opcodes.

I consider this trivial, since the disassembler is disabled by default and since it requires the permission to use eaccelerator_dasm_file, which should normally only be granted to site admins.

I guess the check should be placed in ea_dasm.c above line #558. The fix seems to be quite simple. Maybe I'll add a patch to it myself if I find the time for it.

Attachments

ea_dasm.c-open_basedir.patch (440 bytes) - added by Stadler on 04/20/06 15:33:21.

Change History

04/20/06 15:33:21 changed by Stadler

  • attachment ea_dasm.c-open_basedir.patch added.

04/20/06 15:41:18 changed by Stadler

Ok, the attached patch should fix this.

mmh, maybe this should be added to get_cache_entry instead?

05/08/06 12:53:35 changed by bart

  • status changed from new to closed.
  • resolution set to fixed.

It's good like it is. I've just committed this patch. Thanks!
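
The kind of check this ticket asks for, sketched as an added C example. It is not the attached patch and not eAccelerator's or PHP's own code. The function names `path_within_basedir` and `dasm_path_allowed` are hypothetical, and a single base directory is assumed.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() */
#endif
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if `resolved` is `basedir` itself or lies beneath it.
 * Both arguments must already be absolute and canonical
 * (no "." or ".." components, no unresolved symlinks). */
int path_within_basedir(const char *resolved, const char *basedir)
{
    size_t n = strlen(basedir);

    /* Ignore trailing slashes on the base, but keep "/" itself. */
    while (n > 1 && basedir[n - 1] == '/')
        n--;
    if (strncmp(resolved, basedir, n) != 0)
        return 0;
    if (n == 1 && basedir[0] == '/')
        return 1;                       /* base is the filesystem root */
    /* Require a component boundary so /srv/site1 does not match /srv/site10. */
    return resolved[n] == '\0' || resolved[n] == '/';
}

/* Hypothetical gate to call before a file is opened for disassembly.
 * Canonicalizes both paths first, so "../" sequences and symlinks cannot
 * step outside the base. Fails closed: an unresolvable path is rejected. */
int dasm_path_allowed(const char *requested, const char *basedir)
{
    char real_req[PATH_MAX], real_base[PATH_MAX];

    if (requested == NULL || basedir == NULL)
        return 0;
    if (realpath(basedir, real_base) == NULL)
        return 0;
    if (realpath(requested, real_req) == NULL)
        return 0;
    return path_within_basedir(real_req, real_base);
}
```

The comparison is only meaningful on canonical paths, which is why the gate resolves the requested file before comparing rather than matching the string the caller supplied.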