ID: 49049 User updated by: rusxakep at gmail dot com Reported By: rusxakep at gmail dot com -Status: Open +Status: Bogus Bug Type: Filesystem function related Operating System: Linux 2.6.29 PHP Version: 5.2.10 New Comment:
Quote from http://ru.php.net/manual/en/function.file-exists.php: "Note: The check is done using the real UID/GID instead of the effective one." Quote from man 2 access: "The check is done using the calling process's real UID and GID, rather than the effective IDs as is done when actually attempting an operation (e.g., open(2)) on the file.This allows set-user-ID programs to easily determine the invoking user's authority." Workaround -> use stat() or is_dir(). Previous Comments: ------------------------------------------------------------------------ [2009-07-30 12:52:32] rusxakep at gmail dot com bash script ok? Real cut'n'paste :-) Copy this script in any place and run under root: #!/bin/sh # Create test user useradd -d /home/user1 -g users -m -N -p 12345 -s /bin/sh user1 chmod 0755 /home/user1 # Create wrapper with "execution bit" enabled echo "#define REAL_PATH \"/home/user1/test.php\" main(ac, av) char **av; { execv(REAL_PATH, av); }" > /home/user1/test.c # Compile and set "execution bit" cc -o /home/user1/test /home/user1/test.c chown user1.users /home/user1/test chmod 6755 /home/user1/test # Create php script, who'll work under wrapper (see before) echo "#!/usr/bin/php -q <?php if (!file_exists(\"/home/user1/1/2/3/4/5\")) { if (mkdir (\"/home/user1/1/2/3/4/5\",0700,true)) echo \"MKDIR OK, directory has been created\n\"; else echo \"MKDIR FAIL\n\"; } else { echo \"TEST PASSED!\n\"; } ?> " > /home/user1/test.php chown user1.users /home/user1/test.php chmod 755 /home/user1/test.php # Create second test user useradd -d /home/user2 -g users -m -N -p 12345 -s /bin/sh user2 # Test! echo "First run, when directory doesn't exist ..."; su - user2 -c "/home/user1/test" echo "Second (bug) run, when directory already exist and must be return TEST PASSED! message"; su - user2 -c "/home/user1/test" # Cleaning userdel -f -r user2 userdel -f -r user1) ------------------------------------------------------------------------ [2009-07-29 23:26:27] [email protected] PLEASE give proper steps to reproduce this. Preferrably something we can simply cut'n'paste.. ------------------------------------------------------------------------ [2009-07-29 16:34:25] rusxakep at gmail dot com You can use any other directory where you are able to do it. You can use the virtual machine (like VirtalBox or VMware) and so forth. Installation "execution bit" on/usr/bin/strace is necessary for situation creation where the error in function file_exist() appears. It is necessary for more exact understanding of an error. In a real situation which is described in my first post, the role strace is fulfilled by the program written on C with "execution bit enable". If still something is not clear, write, I will explain.) ------------------------------------------------------------------------ [2009-07-28 20:49:00] [email protected] My /home dir isn't writable by anyone. So how could it work? And what does setting those permissions on strace help to debug this? ------------------------------------------------------------------------ [2009-07-28 20:12:08] rusxakep at gmail dot com Jani, Is bug reproducing ONLY with using "set execution bit"! Simple way test with strace output: 1. Temprorarly set "chmod 6755" to /usr/bin/strace binary for correct test. 2. Create simple CONSOLE test.php file and place to /home/1/ directory (owner should be root.root): #!/usr/bin/php -q <?php if (!file_exists("/home/1/2/3")) mkdir("/home/1/2/3",0700,true); ?> 3. Run this script under any unprivileged user with next cmd: "su - someuser -c "/usr/bin/strace /home/1/test.php" First run test.php create directory /home/1/2 and /home/1/2/3 successfully with "someuser" owner and 0700. Second run test.php script must be finish w/o any messages, because directory already exists, but function file_exists() incorrectly fulfils and produces that the directory does not exist, though it is. Try it! If something else is not clear, I will explain more in detail.) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/49049 -- Edit this bug report at http://bugs.php.net/?id=49049&edit=1
