Your message dated Fri, 13 Jan 2017 13:05:30 +0000
with message-id <e1cs1xu-0009dr...@fasolo.debian.org>
and subject line Bug#841781: Removed package(s) from unstable
has caused the Debian Bug report #811130,
regarding php5: [kfreebsd] uploaded files have gid=root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
811130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811130
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:php5
Version: 5.4.45-0+deb7u2
Severity: important
User: debian-...@lists.debian.org
Usertags: kfreebsd
X-Debbugs-Cc: debian-...@lists.debian.org

(Followup to https://lists.debian.org/debian-bsd/2016/01/msg00021.html)

This turns out to be some bug or odd behaviour of PHP when handling file
uploads on kfreebsd.  Here's a simple testcase:

<?php

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    print_r($_FILES);
    var_dump(move_uploaded_file($_FILES['foo']['tmp_name'], '.foo'));
    die();
}

?>
<html>
<body><form id="for-you" method="post" enctype="multipart/form-data">
<input name="foo" type="file" />
<input type="submit" />
</form></body>
</html>

Submitting the web form, PHP writes the uploaded file to /tmp initially,
having a random filename, and moves it to ".foo" in the web document
root at request of the PHP script.

The PHP script is *supposed* to run non-privileged for obvious
reasons.  suexec.log suggests I set that up right:

    uid: (1046/foo) gid: (1045/foo) cmd: php-fcgi-starter

And executing <?php passthru('id'); ?> confirms that is generally the
case:

    uid=1046(foo) gid=1045(foo) groups=1045(foo) 

But `stat .foo` shows the uploaded file having gid=0 instead, something
not possible to do if you have dropped privileges:

      File: `.foo'
      Size: 5           Blocks: 9          IO Block: 4096   regular file
    Device: 735ae718h/1935337240d       Inode: 238962      Links: 1
    Access: (0644/-rw-r--r--)  Uid: ( 1046/foo)   Gid: (    0/root)
    Access: 2016-01-15 22:00:02.555410397 +0000             ^^^^^^
    Modify: 2016-01-15 22:00:02.555410397 +0000           wrong gid!
    Change: 2016-01-15 22:00:02.555410397 +0000
     Birth: -

I couldn't repeat this on a GNU/Linux machine.  Is PHP maybe not
dropping privileges properly on GNU/kFreeBSD?  (setgid,setegid issue?)
Haven't yet checked if it affects regular FreeBSD also.

There seems nothing special about my /tmp:  mode 1777/drwxrwxrwt.
That and the web document root are on ZFS.

Thanks.
Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org



--- End Message ---
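
A post-move group check for the upload handler in the test case above, added here as an example; it is not part of the original report or of PHP itself. It assumes the unexpected gid was inherited from the directory the temporary file was created in (BSD file systems give a new file the group of its parent directory) and that the posix extension is loaded; the function names are hypothetical.

```php
<?php
// Added example, not from the original report. Requires the posix extension.
// Assumption: the unexpected gid was inherited from the directory the file
// was created in, not from the credentials of the PHP process.

/** Say where the group of $path most likely came from. */
function explain_gid(string $path, string $createdIn): string
{
    clearstatcache();
    $fileGid = filegroup($path);
    $egid    = posix_getegid();
    if ($fileGid === $egid) {
        return "gid $fileGid is the process egid";
    }
    if ($fileGid === filegroup($createdIn)) {
        return "gid $fileGid is the group of $createdIn (process egid is $egid)";
    }
    return "gid $fileGid matches neither $createdIn nor process egid $egid";
}

/** Move an upload and leave it group-owned by the process egid, or fail. */
function move_upload_checked(string $tmpName, string $dest): bool
{
    $tmpDir = dirname($tmpName);
    if (!move_uploaded_file($tmpName, $dest)) {
        return false;
    }
    clearstatcache();
    $egid = posix_getegid();
    if (filegroup($dest) === $egid) {
        return true;
    }
    error_log("upload $dest: " . explain_gid($dest, $tmpDir));
    // A file's owner may change its group to one the process belongs to,
    // so no extra privilege is needed for this repair.
    if (@chgrp($dest, $egid)) {
        clearstatcache();
        if (filegroup($dest) === $egid) {
            return true;
        }
    }
    unlink($dest); // do not keep a file whose group could not be corrected
    return false;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['foo'])
    && $_FILES['foo']['error'] === UPLOAD_ERR_OK) {
    var_dump(move_upload_checked($_FILES['foo']['tmp_name'], '.foo'));
}
```

The error_log line records which of the three cases applied, which separates a directory-inherited group from a process that really is running with gid 0.
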
--- Begin Message ---
Version: 5.6.26+dfsg-1+rm

Dear submitter,

as the package php5 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/841781

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
