same like in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585 the bug is reportet for php5 in http://bugs.php.net/bug.php?id=32937 yes i used the tailing "/" when setting open basedir ;-) Reproducible: Always Steps to Reproduce: if somebody has a directory structure like this: /srv/user1 /srv/user2 . . . /srv/user10 /srv/user11 Actual Results: user1 can access the files of user10 and user12 vi PHP although open_basedir is set Expected Results: user1 should not have access to these directories
Reassigning to php, we usually don't accept safe_mode bugs. see http://www.php.net/security-note.php for details. Thanks for reporting, though.
Fixed in CVS with the latest revisions of all PHP packages. For new-style PHP: dev-lang/php-4.3.11-r3 dev-lang/php-4.4.0-r3 dev-lang/php-4.4.1 dev-lang/php-5.0.4-r3 dev-lang/php-5.0.5-r3 For old-style PHP: dev-php/php-4.3.11-r3 dev-php/php-4.4.0-r3 dev-php/php-cgi-4.3.11-r4 dev-php/php-cgi-4.4.0-r4 dev-php/mod_php-4.3.11-r3 (old-style Apache config layout) dev-php/mod_php-4.4.0-r6 (old-style Apache config layout) dev-php/mod_php-4.4.0-r7 (new-style Apache config layout) Best regards, CHTEKK.