[php-maint] Bug#562782: php5-mysql: load data local bypasses basedir due to the way libmysqlclient15off is compiled
The Mighty System Admin
wejn at box.cz
Sun Dec 27 21:12:15 UTC 2009
Package: php5-mysql
Version: 5.2.6.dfsg.1-1+lenny3
Severity: normal
mysql extension for php5 package bypasses open_basedir restrictions
due to the way libmysqlclient package is compiled.
Forcing the "--enable-local-infile" flag during compilation of
libmysqlclient package causes the built-in protection in php5's
mysql extension to malfunction allowing anyone to read files outside
open_basedir.
>From the limited research I did, there's no way to make this
protection work properly unless the aforementioned compile flag
is turned off.
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash
More information about the pkg-php-maint
mailing list