Prevent "scandir(): open_basedir restriction in effect"

Question

I have this code (it's part of the leash shell that list all exec files from $PATH)

private function executables($paths = array()) {
    $execs = array();
    foreach ($paths as $path) {
        foreach (scandir($path) as $item) {
            $full_path = $path . "/" . $item;
            if (!is_dir($full_path) && is_executable($full_path)) {
                $execs[] = $item;
            }
        }
    }
    return $execs;
}

it use exec function with 'echo -n $PATH'

    $path = $this->shell($token, 'echo -n $PATH', '/');
    $settings['path'] = $path['output'];
    $paths = explode(":", $settings['path']);
    $settings['executables'] = $this->executables($paths);

but php display error "scandir(): open_basedir restriction in effect. File(/usr/local/bin) is not within the allowed path(s)", how to prevent it, I've try to wrap the code with try .. finaly with no success.

possible duplicate of [open\_basedir restriction in effect. File(/) is not within the allowed path(s):](http://stackoverflow.com/questions/1846882/open-basedir-restriction-in-effect-file-is-not-within-the-allowed-paths) — mario, Mar 21 '14 at 14:46

score 0 · Answer 1 · answered Mar 21 '14 at 14:49

0

open_basedir is a PHP config value that, if set, restricts what directories a given PHP application has access to; in your case, /usr/local/bin is not included in that list.

The simplest way around this is to modify the setting in your php.ini file (or your project / site's vhost file) to include /usr/local/bin; however, that could also be construed as a security issue (which open_basedir is meant to help protect against).

Are you sure you need your script to access this directory? If so, you should be safe to edit =]. If not, I'd recommend updating your script to only stay within the allowed directories.

answered Mar 21 '14 at 14:49

newfurniturey

37,556
9
94
102

I can't modify php.ini I need solution for php code. Maybe test if the path is not in restricted dir. – jcubic Mar 21 '14 at 14:55
There is no way to go around this *within* PHP; you could use `ini_get()` to get the current `open_basedir` value(s) and check your paths against it to see if you're about to violate it or not. I'm not sure if a simple `try/catch` would help you here, but you might give that a try as well. – newfurniturey Mar 21 '14 at 15:15

score 0 · Answer 2 · answered Mar 21 '14 at 14:55

0

A @ sign before scandir() should hide the error (i.e @scandir($path)), if that's what you mean. Of course, your code will not be able to get the listing, but you can handle the error without showing the ugly message to the user.

answered Mar 21 '14 at 14:55

Xavier Rubio Jansana

6,388
1
27
50

score 0 · Accepted Answer · answered Mar 21 '14 at 15:23

0

I found the solution, simple don't use php at all (use shell to list executables):

    $cmd = 'IFS=:; find $PATH -maxdepth 1 -executable -type f -printf ' .
        "'%f\n' 2>/dev/null";
    $execs = $this->shell($token, $cmd, '/');
    $settings['executables'] = explode("\n", trim($execs['output']));

answered Mar 21 '14 at 15:23

jcubic

61,973
54
229
402

I ask this on Unix site http://unix.stackexchange.com/questions/120786/list-all-binaries-from-path it have better solution for list all executables. – jcubic Mar 25 '14 at 09:20

Prevent "scandir(): open_basedir restriction in effect"

3 Answers3