ID: 40079
Updated by: [EMAIL PROTECTED]
Reported By: wharmby at uk dot ibm dot com
-Status: Open
+Status: Assigned
Bug Type: Scripting Engine problem
Operating System: Linux RHEL4
PHP Version: 5CVS-2007-01-09 (snap)
-Assigned To:
+Assigned To: iliaa
Previous Comments:
------------------------------------------------------------------------
[2007-01-09 17:58:59] wharmby at uk dot ibm dot com
Description:
------------
The current implementation of php_get_current_user() uses
the non-reentrant getpwuid() rather than the reentrant
getpwuid_r(). Therefore issuing on Linux in a ZTS enabled
build could lead to unpredictable/undesirable results. the code should
use the re-entrant version if it is available.
The following patch which were built against the latest
snapshot (Jan 9 2007, 1330 GMT) modifies the code in
main/safe_mode.c to use the re-entrant getpwuid_r if its
available:
http://pastebin.ca/311144
Following makes necessary associated change to configure.in:
http://pastebin.ca/311140
Fix tested on Linux RHEL with mysql extension enabled and
sql.safe_mode=On in php.ini. The modified code can then easily be
invoked by issuing mysql_connect().
Reproduce code:
---------------
Problem found by code inspection. As with most thread safety
issues difficult to produce a simple testcase which will show a
reproducible crash but current Linux executable is clearly not
reentrant.
Expected result:
----------------
N/A
Actual result:
--------------
N/A
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=40079&edit=1
