From 6cac26c21f7a2d0c3eb3c80db8a51bd6b96e6576 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Fri, 9 Jun 2000 10:34:53 +0000
Subject: [PATCH] Make chmod in safe mode not allow SUID bits

---
 ext/standard/filestat.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c
index f63619de0d..7b95a36cde 100644
--- a/ext/standard/filestat.c
+++ b/ext/standard/filestat.c
@@ -324,7 +324,7 @@ PHP_FUNCTION(chown)
 PHP_FUNCTION(chmod)
 {
 	pval **filename, **mode;
-	int ret;
+	int ret,imode;
 	PLS_FETCH();
 	
 	if (ZEND_NUM_ARGS()!=2 || zend_get_parameters_ex(2,&filename,&mode)==FAILURE) {
@@ -341,7 +341,15 @@ PHP_FUNCTION(chmod)
 	if (php_check_open_basedir((*filename)->value.str.val))
 		RETURN_FALSE;
 
-	ret = chmod((*filename)->value.str.val, (*mode)->value.lval);
+	imode = (*mode)->value.lval; 
+	/* in safe mode, do not allow to setuid files.
+	   Setuiding files could allow users to gain privileges 
+	   that safe mode doesn't give them.
+	*/
+	if(PG(safe_mode)) 
+	  imode &= 0777;
+
+	ret = chmod((*filename)->value.str.val, imode);
 	if (ret == -1) {
 		php_error(E_WARNING, "chmod failed: %s", strerror(errno));
 		RETURN_FALSE;
-- 
2.50.1