Vulnerability Development mailing list archives

PHP problem


From: "veins" <veins () skreel org>
Date: Mon, 22 Apr 2002 19:13:54 +0200

This is not really an advisory, but a warning for sysadmins running
webservers with PHP. I noticed that it was possible to rebuild the user
database (Unix) even when safe_mode prevented reading /etc/passwd and
open_basedir prevented accessing /etc.
The implementation of the getpw{uid,nam} functions (and their group
equivalents) in PHP does not check values for safe_mode and open_basedir,
letting a user rebuild a complete /etc/passwd file.
There was no implementation of getpwent(), so the user has to loop on all
possible UIDs, but in some environments it can cause some problems.

For more information, I have posted a bug report and a script showing
the problem:
     http://bugs.php.net/bug.php?id=16733

I hope that can prevent some problems on your servers ;)
Anyways, a quick fix would be to disable posix_* functions that deal with
the user database.

Sysadmin @ Skreel.org && Kheos.net
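
A configuration check for the quick fix suggested in the message above, as an added example that is not part of the original post or of the PHP project. It assumes that posix_getpwuid, posix_getpwnam, posix_getgrgid and posix_getgrnam are the functions the post refers to as getpw{uid,nam} and their group equivalents, compares names exactly as written, and uses constructed php.ini samples.

```python
# Added example: audit php.ini text for the quick fix from the post.
# Assumption: these four PHP functions are the user/group database lookups.
USERDB_FUNCS = ("posix_getpwuid", "posix_getpwnam",
                "posix_getgrgid", "posix_getgrnam")


def disabled_functions(ini_text):
    """Return the set named by the last active disable_functions line."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ; comments
        if "=" not in line:
            continue                             # section header or blank
        key, value = line.split("=", 1)
        if key.strip() != "disable_functions":
            continue
        value = value.strip().strip('"').strip("'")
        # A later assignment replaces an earlier one, so rebuild the set.
        disabled = {name.strip() for name in value.split(",") if name.strip()}
    return disabled


def still_exposed(ini_text):
    """List user-database functions that scripts can still call."""
    disabled = disabled_functions(ini_text)
    return [f for f in USERDB_FUNCS if f not in disabled]


# Constructed sample configurations (not taken from any real server).
SAMPLE_WEAK = """\
[PHP]
safe_mode = On
open_basedir = /var/www
;disable_functions = posix_getpwuid,posix_getpwnam
disable_functions = system, exec
"""

SAMPLE_FIXED = """\
[PHP]
safe_mode = On
open_basedir = /var/www
disable_functions = "system, exec, posix_getpwuid, posix_getpwnam, posix_getgrgid, posix_getgrnam"
"""

if __name__ == "__main__":
    for label, ini in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(label, "->", still_exposed(ini) or "user database lookups disabled")
```

The weak sample shows two easy mistakes: a commented-out directive has no effect, and safe_mode plus open_basedir alone leave all four lookups callable.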


