ID: 20302 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Scripting Engine problem Operating System: Linux 2.4.18 PHP Version: 4.2.2 New Comment:
It would be nice if you could give an exact description of what descriptors are open for you. Like a directory listing ... ls -la /proc/pidofapache/fd BTW: The opened script fd can be leaked without any security impact. And it is an apache bug that the fds are leaked. PHP does no accept (its the apache child that accepts). And mysql etc... sockets are opened by the mysqlclient libs... these are responsible for setting the close on exec flag, not PHP. Previous Comments: ------------------------------------------------------------------------ [2002-12-05 07:27:02] [EMAIL PROTECTED] I got the e-mail stating to try the latest tarball. I downloaded it and grep'ed around. I am not sure how to build a rpm of php that is 100% compatible with RedHat 8.0. The e-mail back was terse and didn't say the problem was replicated or fixed. The tarball has no CHANGELOG. Grep'ing did not show FD_CLOEXEC. Since I am not sure about building a rpm and I cannot find what the fix was, how am I to provide feedback? Was the problem replicated? Did your testing show its now fixed? What files were changed? Are there diffs of the affected code? ------------------------------------------------------------------------ [2002-12-04 18:16:22] [EMAIL PROTECTED] No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. ------------------------------------------------------------------------ [2002-11-23 16:37:43] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip ------------------------------------------------------------------------ [2002-11-07 12:20:30] [EMAIL PROTECTED] Upon investigating the php engine as shipped by RedHat 8.0 with the env_audit program, I have found that php is leaking descriptors (above and beyond what apache is leaking). One descriptor is the php webpage being executed, and 2 copies of the socket returned from accept appear to be leaked. The env_audit program is listed at freshmeat.net, it comes with instructions to audit php. The fix is to add a fcntl(fd, FD_CLOEXEC) after accept and after opening the page. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20302&edit=1
