ID: 41899
Updated by: [EMAIL PROTECTED]
Reported By: geoffwa at cs dot rmit dot edu dot au
Status: Open
Bug Type: Streams related
Operating System: Solaris 10
PHP Version: 5.2.3
Assigned To: ab5602
New Comment:
Also, tested the longer script posted in this thread. That appears to
work for me as well.
[EMAIL PROTECTED]:/test/abc]$ uname -a
SunOS opteron 5.10 Generic_118855-14 i86pc i386 i86pc
[EMAIL PROTECTED]:/test/abc]$ ./php-cvs -v
PHP 5.2.5-dev (cli) (built: Oct 7 2007 11:26:15) (DEBUG)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
[EMAIL PROTECTED]:/test/abc]$ ./php-cvs ./test.php
Current working directory is: /test/abc
Opened /test/abc/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file
[EMAIL PROTECTED]:/test/abc]$
Previous Comments:
------------------------------------------------------------------------
[2007-10-08 13:42:25] [EMAIL PROTECTED]
Geoffwa or ian, could you please send me a .tar with the directory
structure and permissions you are using along with instructions on how
to reproduce the error?
The script works just fine for me in Solaris with the most recent CVS.
-------
d--x--x--x 2 rob rob 512 Oct 8 09:24 .
drwxr-xr-x 20 rob rob 1536 Oct 8 09:15 ..
-rwxr-xr-x 1 rob rob 10620420 Oct 8 09:17 php-cvs
-rw-r--r-- 1 rob rob 301 Oct 8 09:17 test.php
-------
[EMAIL PROTECTED]:~/mkdirtest]$ ./php-cvs ./test.php
Warning: mkdir(): Permission denied in
/export/home/rob/mkdirtest/test.php on line 3
mkdir failed
[EMAIL PROTECTED]:~/mkdirtest]$ chmod u+w .
[EMAIL PROTECTED]:~/mkdirtest]$ ./php-cvs ./test.php
SUCCESS
[EMAIL PROTECTED]:~/mkdirtest]$
------------------------------------------------------------------------
[2007-10-08 05:31:15] [EMAIL PROTECTED]
With php5.2-200710080430 the problem is worse, not better.
I can't even mkdir() in my test script any more!
<?php
ini_set('display_errors', '1');
mkdir("./a/b", 0700, true) or die('mkdir failed');
touch("./a/b/file") or die('touch failed');
chmod("./a", 0300) or die('chmod failed');
chdir("./a/b") or die('chdir failed');
$fp = fopen('../b/file', 'r');
if ($fp) print "SUCCESS\n";
else print "FAILURE\n";
?>
produces:
Warning: mkdir(): Unable to access ./a in
/home/g/geoffwa/work/test/test2.php on line 3
mkdir failed
Looking at truss, the last four syscalls are:
getcwd("/home/g/geoffwa/work/test", 1024) = 0
resolvepath("./a", 0xFFBFD238, 1024) Err#2 ENOENT
stat("a", 0xFFBFDF20) Err#2 ENOENT
stat("a", 0xFFBFDF20) Err#2 ENOENT
I'd also like to point out that the Solaris getcwd() works fine:
(from the man page)
The getcwd() function may fail if:
EACCES A parent directory cannot be read to get its
name.
------------------------------------------------------------------------
[2007-10-08 03:04:17] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows (zip):
http://snaps.php.net/win32/php5.2-win32-latest.zip
For Windows (installer):
http://snaps.php.net/win32/php5.2-win32-installer-latest.msi
Try the latest CVS snapshot. Fixed the 41822 bug, which I feel is
probably the same.
------------------------------------------------------------------------
[2007-09-17 09:48:37] ian at onlineloop dot com
Unfortunately we are not in a position to wither wait for PHP6 nor
immediately migrate to it when it does come out. We have too many
users with too many scripts on our server, and telling over 800
people that they have to adjust their scripts in less than 6 months
just doesn't work here :-(
With the continuing failure to fix this bug, we are left in a very
uncomfortable situation, either continue with the security hole
loaded 5.1.6, or apply the patch you offered. No one from the PHP
project has logged into the system we set up for them on an E3500 since
5 July 2007 either, so I'm really left wondering about the seriousness
there is to actually fix this bug.
Anyway, I have seen from the source for PHP that realpath is
definately not a function from Sun. realplath is all from the PHP
project itself, so the attempt to shovel off the blame to Sun (post
from 6 Jul 3:16pm) is not justifiable. Besides, this all worked just
fine up until PHP 5.2.0 came out...
------------------------------------------------------------------------
[2007-09-13 01:56:00] geoffwa at cs dot rmit dot edu dot au
I'll stress again that while the patch may work, I'm not sure if it's
'correct' or not, mainly because I have no idaa what php_checkuid_ex()
is supposed to return, safe_mode-isms like open_basedir may need it.
I just traced the execution of the offending PHP script repeatedly for
the failure case, and deduced that the expand_filepath() call in
php_checkuid_ex() that I've removed in the patch was returning an empty
path under similar conditions to where a getcwd() call would fail.
The actual path blatting appeared to occur in virtual_file_ex(), and we
produced a separate patch which completely short-circuited this function
and also made the all test conditions work.
Given that PHP6 is removing safe_mode completely, I imagine this
problem will hopefully be fixed then :)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/41899
--
Edit this bug report at http://bugs.php.net/?id=41899&edit=1
