[Bug 305806] New: squirrelmail fortune plugin doesn't work
https://bugzilla.novell.com/show_bug.cgi?id=305806 Summary: squirrelmail fortune plugin doesn't work Product: openSUSE 10.3 Version: Beta 2 Platform: Other OS/Version: Other Status: NEW Severity: Minor Priority: P5 - None Component: Other AssignedTo: ltinkl@novell.com ReportedBy: poeml@novell.com QAContact: qa@suse.de CC: crrodriguez@novell.com Found By: --- Instead of a fortune, squirrelmail displays: Warning: is_file(): open_basedir restriction in effect. File(/usr/bin/fortune) is not within the allowed path(s): (/srv/www/htdocs/squirrelmail:/var/lib/squirrelmail:/usr/share/php5/PEAR:/tmp:/var/lib/php5) in /srv/www/htdocs/squirrelmail/plugins/fortune/setup.php on line 47 squirrelmail.conf is: php_admin_value open_basedir "/srv/www/htdocs/squirrelmail:/var/lib/squirrelmail:/usr/share/php5/PEAR:/tmp" Adding /usr/bin/fortune to the open_basedir setting does make it work. Dont know if this is the right thing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806#c1 --- Comment #1 from Cristian Rodriguez <crrodriguez@novell.com> 2007-08-29 03:34:07 MST --- (In reply to comment #0 from Peter Poeml)
Dont know if this is the right thing.
It isnt ;) however as open_basedir is a weird thing, it works. is this plugin included into the distribution..? You have hitted one of the many open_basedir gotchas, to be correct in this case, you should add /usr/bin to open_basedir which pretty much mean that any PHP script can execute arbitrary binaries on your system :-( In short, open_basedir is no panacea and have a large number of issues, nothing replace proper OS level security. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806#c2 --- Comment #2 from Peter Poeml <poeml@novell.com> 2007-08-29 05:25:24 MST --- Yes, this plugin is part of the squirrelmail package. I also wonder if PHP can, after adding /usr/bin/fortune to open_basedir, also execute other binaries from /usr/bin. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806 Lukas Tinkl <ltinkl@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806 Vladimir Nadvornik <nadvornik@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nadvornik@novell.com AssignedTo|ltinkl@novell.com |crrodriguez@novell.com Status|ASSIGNED |NEW -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806#c3 Cristian Rodriguez <crrodriguez@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|crrodriguez@novell.com | Status|NEW |ASSIGNED Version|Beta 2 |Final --- Comment #3 from Cristian Rodriguez <crrodriguez@novell.com> 2007-10-23 03:57:36 MST --- the real solution is to make the plugin simple not use the fortune binary at all,but read the fortune database with PHP itself. so We either use some ITO time to really fix this plugin the right way or use Peter workaround regardless it's ugliness ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806#c4 --- Comment #4 from Cristian Rodriguez <crrodriguez@novell.com> 2007-10-23 04:10:51 MST --- http://pear.php.net/manual/en/package.fileformats.file-fortune.example.php --> make it easy ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806 User crrodriguez@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=305806#c5 Cristian Rodriguez <crrodriguez@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |REMIND --- Comment #5 from Cristian Rodriguez <crrodriguez@novell.com> 2007-12-11 01:07:33 MST --- It is in dicussion if this packahge will be shipped in the next product at all. remind me later. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=305806 User crrodriguez@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=305806#c6 Cristian Rodriguez <crrodriguez@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|REMIND |WONTFIX --- Comment #6 from Cristian Rodriguez <crrodriguez@novell.com> 2008-03-03 16:04:05 MST --- This package has been dropped from the distribution and will be available only via builservice in the future, -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com