Edit report at http://bugs.php.net/bug.php?id=36483&edit=1
ID: 36483 Updated by: [email protected] Reported by: david at davidfavor dot com Summary: phpize php_autoconf security fix -Status: Open +Status: Bogus Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues Operating System: RedHat EL-4 PHP Version: 5.1.2 Block user comment: N Private report: N New Comment: This is a PEAR issue. Please report on pear.php.net. Previous Comments: ------------------------------------------------------------------------ [2006-02-22 00:26:02] david at davidfavor dot com Description: ------------ Since I've only installed PHP the first time, please route this the the correct place. There are many reports that resemble this: /usr/local/bin/phpize: /tmp/tmpEcSnL3/apd-1.0.1/build/shtool: /bin/sh: bad interpreter: Permission denied Cannot find autoconf. Please check your autoconf installation and the $PHP_AUTOCONF environment variable is set correctly and then rerun this script. ERROR: `phpize' failed The problem is the pear command seems to be be violate usual security precautions. That is mounting /tmp with the noexec option disallows the execution of /tmp/*/shtool. The fix seems to be maybe checking the executability of scripts on /tmp first and prompting the user for an alternative directory first. The ugly work around is to change /etc/fstab to allow /tmp files to be executed... Shudder... Reproduce code: --------------- 1) In /etc/fstab: /dev/hda3 /tmp ext3 defaults,noexec 1 0 2) reboot 3) pear install pecl/pdflib ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=36483&edit=1
