Make chmod in safe mode not allow SUID bits
authorStanislav Malyshev <stas@php.net>
Fri, 9 Jun 2000 10:34:53 +0000 (10:34 +0000)
committerStanislav Malyshev <stas@php.net>
Fri, 9 Jun 2000 10:34:53 +0000 (10:34 +0000)
ext/standard/filestat.c

index f63619de0d7cf8bfa956c151c253aab618df91c8..7b95a36cde30107dd20faf4b7c7a2247f6652c89 100644 (file)
@@ -324,7 +324,7 @@ PHP_FUNCTION(chown)
 PHP_FUNCTION(chmod)
 {
        pval **filename, **mode;
-       int ret;
+       int ret,imode;
        PLS_FETCH();
        
        if (ZEND_NUM_ARGS()!=2 || zend_get_parameters_ex(2,&filename,&mode)==FAILURE) {
@@ -341,7 +341,15 @@ PHP_FUNCTION(chmod)
        if (php_check_open_basedir((*filename)->value.str.val))
                RETURN_FALSE;
 
-       ret = chmod((*filename)->value.str.val, (*mode)->value.lval);
+       imode = (*mode)->value.lval; 
+       /* in safe mode, do not allow to setuid files.
+          Setuiding files could allow users to gain privileges 
+          that safe mode doesn't give them.
+       */
+       if(PG(safe_mode)) 
+         imode &= 0777;
+
+       ret = chmod((*filename)->value.str.val, imode);
        if (ret == -1) {
                php_error(E_WARNING, "chmod failed: %s", strerror(errno));
                RETURN_FALSE;
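Review bot: The mask `imode &= 0777;` clears more than the comment above it says: besides setuid it also drops the setgid and sticky bits. A safe-mode script that asks for 01777 on a shared directory therefore ends up with plain 0777, and the call still reports success. If only the privilege-granting bits are meant to be blocked, `imode &= 01777;` keeps the sticky bit; if stripping all three is intended, the comment should say so, e.g. `/* in safe mode, strip setuid, setgid and sticky bits */`. Because the bits are removed silently, a `php_error(E_WARNING, ...)` when the masked value differs from the requested one would let the caller notice. The body of PHP_FUNCTION(chmod) starts and ends outside this hunk.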