Bug #27051 [Com]: Impersonation with FastCGI does not EXEC process as impersonated user

Wed, 24 Mar 2010 16:10:06 -0700 

Edit report at http://bugs.php.net/bug.php?id=27051&edit=1

 ID:               27051
 Comment by:       heer2351 at zonnet dot nl
 Reported by:      ghoffer at globalscape dot com
 Summary:          Impersonation with FastCGI does not EXEC process as
                   impersonated user
 Status:           Feedback
 Type:             Bug
 Package:          CGI related
 Operating System: Windows
 PHP Version:      5.3
 Assigned To:      pajoye

 New Comment:

Box is behind a company firewall so you can unfortunately not access
it.

This is an intranet site.


Previous Comments:
------------------------------------------------------------------------
[2010-03-25 00:08:31] heer2351 at zonnet dot nl

This is what I ran:

<?php

echo exec('c:\Windows\System32\whoami');

?> 



ProcMon shows cmd.exe being started by php-cgi.exe

A thread is created running as the correct user.

Excecuted command is: cmd.exe /c "c:\Windows\System32\whoami"



I do notice that the process exits with Exit Status 5, which is normally
access denied.



I have however already tried to give Everyone full access to the whole
machine, i.e. all drives. Still the same error.

------------------------------------------------------------------------
[2010-03-25 00:04:10] [email protected]

btw, is it possible to access this box? I could try to debug what's
wrong there as it works just fine with the same constellation here (same
windows, IIS and fcgi versions).

------------------------------------------------------------------------
[2010-03-25 00:00:09] [email protected]

It is not the same context using runas or impersonate.



Did you use "c:\\....\\whoami" or "cmd /c..."?

------------------------------------------------------------------------
[2010-03-24 23:58:27] heer2351 at zonnet dot nl

Result:

PHP Warning: exec(): Unable to fork [c:\Windows\System32\whoami] in
D:\Web\Public\Typo3\v4_2_6\fdha_hr\hr\forkTest.php on line 2

------------------------------------------------------------------------
[2010-03-24 23:56:20] heer2351 at zonnet dot nl

BTW if I run the same script on the webserver using fakeCGI and runas to
run as the application pool user it works.



Fake FastCGI web server

FCGI_PARAMS sent

FCGI_STDIN sent

Launching receive loop

FCGI_STDOUT: X-Powered-By: PHP/5.3.2

Content-type: text/html; charset=utf-8



Hello World!"



FCGI_END_REQUEST received

killing app

FastCGI process exited with 0



So the problem is definitely in the combination IIS6 and PHP 5.3

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=27051


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=27051&edit=1

Reply via email to