Reported on Bugtraq, though not sure how secure safedir is in the first place:

There is a vulnerability (local safedir restriction bypass) identified within the GD extension affecting the following functions:
- imagegif()
- imagepng()
- imagejpeg()

in /ext/gd/gd.c line 1647

Which is now fixed in the CVS:
http://cvs.php.net/co.php/php-src/ext/gd/gd.c?r=1.312.2.1#1786
Note: PHP devs do not consider basedir bypass using extensions as security vulnerabilities. See bug 69643 for another example...
Safedir is not safe -> reassigning to php-bugs.
Fixed in CVS with the latest revisions of all PHP packages.

For new-style PHP:
- dev-lang/php-4.3.11-r3
- dev-lang/php-4.4.0-r3
- dev-lang/php-4.4.1
- dev-lang/php-5.0.4-r3
- dev-lang/php-5.0.5-r3

For old-style PHP:
- dev-php/php-4.3.11-r3
- dev-php/php-4.4.0-r3
- dev-php/php-cgi-4.3.11-r4
- dev-php/php-cgi-4.4.0-r4
- dev-php/mod_php-4.3.11-r3 (old-style Apache config layout)
- dev-php/mod_php-4.4.0-r6 (old-style Apache config layout)
- dev-php/mod_php-4.4.0-r7 (new-style Apache config layout)

Best regards,
CHTEKK.