Re: [PHP-DEV] safe_mode and files permissions q?
On Wed, 10 Jul 2002 10:29:54 +0300 Vitaly N. Kravchenko [EMAIL PROTECTED] wrote: Hi. I have small question for you. When I turn safe_mode On, The users script can't access files with uid differ from uid of this script. It's good. But, when script.php create any (for example .txt) file.txt, file.txt have owner uid of user defined in httpd.conf (apache), User from whom apache runs. And user can't access this file. Can I solve this problem by myself, or it's Engine trouble..? Hi, no you can't really solve this by yourself. What you have to do so that people can create files with their own uid is what i had to do for php4U (php for Lycos Members) which is setting the setuid bit to +s and adding in the php code an effective uid change. The drawbacks of this is that you have to use a cgi version of php. It's not THAT bad actually in terms of performance. We use it for roughly several hundreds thousands users (not all active) with only 6 boxes. I'm not saying they're not loaded but they do fine. I don't think there is another way. If i'm wrong that would be good but I don't really see how it could be done otherwise cause i won't launch php as root :) Later -- Chand Je recompile une version cvs unstable d'un client mail pour avoir les accents dans les sujets. Et alors ? (c) Chand, 2002 Le Perl c'est vraiment à chier pour générer des objets javas sérialisés. Et c'est bien dommage. Tuf (c), 2002 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] safe_mode and files permissions q?
On Wed, 10 Jul 2002 11:55:42 +0200 Stefan Esser [EMAIL PROTECTED] wrote: Hi, And user can't access this file. Can I solve this problem by myself, or it's Engine trouble..? If you really really need to create and access files from your script then create a directory within your document root like script-data set safe_mode_include_dir to this directory. This should eliminate the problems. ATTENTION: do not forget to tell apache via httpd.conf that script-data is NOT accessible from the outside. yeah that's a solution but it doesn't work in case of mass hosting : can't update php.ini for each new user and have it carry 2 peta zillions safe_mode_include_dirs :) but yeah for a few users, this is a working solution. Good thinking :) I hope this helps ya out Vitaly. Later. Take care.. -- Chand Je recompile une version cvs unstable d'un client mail pour avoir les accents dans les sujets. Et alors ? (c) Chand, 2002 Le Perl c'est vraiment à chier pour générer des objets javas sérialisés. Et c'est bien dommage. Tuf (c), 2002 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] bug not solved since June 2001
hey, i've come across a bug these past few days in regexps, i've been getting mad about this. I looked around in the Bug Database and i found it : http://bugs.php.net/bug.php?id=11461 it's from 4.0.6, dated almost a year and still hasn't been corrected and is not even assigned Any ideas why this has been put off ? It still 'works' on php 4.2.0RC4, haven't tried further.. Thanks for any insight as to why this hasn't been solved yet. Later -- Chand 640K ought to be enough for anybody. Bill Gates, 1981 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] bug not solved since June 2001
On Tue, 14 May 2002 09:28:54 -0700 (PDT) Rasmus Lerdorf [EMAIL PROTECTED] wrote: ok thanks. I wasn't sure of myself and since the bug wasn't closed i thought that maybe it had slipped your QA Team. You should close it at least so that people don't get confused on it. Thanks a lot. It's not a bug. The regex is simply wrong. The ereg() functions are POSIX 1003.2 compliant. Read this: A bracket expression is a list of characters enclosed in `[]'. It normally matches any single character from the list (but see below). If the list begins with `^', it matches any single character (but see below) not from the -- Chand 640K ought to be enough for anybody. Bill Gates, 1981 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Safe Mode
On 12 May 2002 23:42:21 +0200 Stig S. Bakken [EMAIL PROTECTED] wrote: Well, as long as there is exec(2), there is a way. How many users do Lycos Europe provide sandboxed PHP for? heya, We provide php for roughly 5 000 000 users, and it's growing everyday by 5000 approximately. Chrooted environments (i guess this is what you call sandbox/prison) is not viable in these conditions. - Stig On Sun, 2002-05-12 at 23:37, Rasmus Lerdorf wrote: But for really large shared hosts, I don't think that is feasible. How are you going set up 100,000 prisons on a server? I'm +1 on removing safe mode in PHP 5, and encourage the use of system-level sandboxes/prisons instead. - Stig On Sat, 2002-05-11 at 17:39, Ilia A. wrote: In the process of writing an installer in PHP for one of my projects I've come in contact with a number of servers running PHP with safe_mode enabled. As you can probably imagine the installer at first broke completely because of safe_mode restrictions. Despite the restriction I was able to write php code that was able to bypass safe_mode restriction in every single case, which should tell you just how safe that option is. There are numerous ways to bypass it, rely on file system utils if they are in the path, make the script copy itself and then write stuff as webserver, install a small script into cgi-bin directory that will do the same thing etc... The number of ways to bypass this feature are too numerous to list here. I should also point out that safe_mode implementation has numerous bugs in every PHP version including the very latest CVS. It is my belief that safe_mode gives people who use false sense of security by supposedly securing their webserver from their own users, which is pointless since a dedicated user can cause plenty of damage by using while(1) include $PHP_SELF; etc... In addition safe_mode makes the developer life extremely difficult since it blocks the most common operations that ARE ALLOWED by the webserver's file permissions, why does PHP take on the role that is not done in any other programming language? It is nearly impossible to write a PHP file system code that would work with safe_mode it is much easier to just release C/Perl/Python etc.. code that will do the very same thing and run via a command line or the user's cgi-bin directory. For example, if a user uploads test.php with their FTP and test.php creates a file, it will no longer be able to read that file under safe_mode since the uid of the script and the file it created differ. IMHO safe_mode should be removed from the php core, because it lulls web server admins into false sense of security thus not taking the time to setup proper file system permissions in addition to severely crippling the PHP's file system functionality. If the safe_mode like functionality remains it should simply block all file system and shell execution code since with it most of that code becomes useless anyway. Regards, Ilia -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- -- Chand 640K ought to be enough for anybody. Bill Gates, 1981 Et après qui c'est qui s'amuse avec Un vélo en pédalant ? Sky, 2002 C'est super la musique classique, mais ca fait chier XL, 2002 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Safe Mode
On Sat, 2002-05-11 at 19:27, Zeev Suraski wrote: At 20:17 11/05/2002, Rasmus Lerdorf wrote: Ideally every ISP would use it and each virtual host would have such a directory. In reality I've set to see a SINGLE ISP that has used that option. In fact I didn't know about it myself until you told me about on IRC. Well, it is well documented. The ignorance and stupidity of many ISP's is just a fact of life. I am a firm believer in Darwinism amongst ISP's and figure the really stupid ones will eventually die off. I am not going to go out an actively shoot them though, because that might be illegal. Do we have any sort of an PHP-ISP-HOWTO? If not, are there any volunteers to write one? I think it may be a good idea, because Darwinism goes both ways - if too many people get bitten by PHP, they'll switch to other solutions. Zeev hey all, I'm working at Lycos Europe (nothing to do with Lycos, inc, except for the trademark). We do have a large shared hosting service (both free and paid) over 8 countries. That's Millions of webpages. ALl of them able to use php. I've been working on the PHP4U service (as we call it :)) for almost 2 years now on and off (it started with the MultiMania PHP4U Service a while back before being trasnfered to Lycos Hosting), mainly upgrading to the new php version as soon as i considered it robust. I've definitely come over troubles these past 2 years, Zeev can tell, i've been bugging him with questions since then. The php distribution we first used was a 4.0.4pl1. And I had to patch it to cover our needs and cover some safe_mode security bugs. (Those bugs are now corrected since 4.1.2). I also had to patch other little security bugs we found while the service was rolling and the users were reporting it to us. The solution we've chosen is to have a cgi php binary instead of a module for security stuff. The main reason to do so was to have the user-created file have the user's uid. We had to suid the php binary and setuid() the process to the script's uid, of course. This seemed like a good security trouble-keeper (I know some people will say that setuid scripts and security in the same sentence usually ain't a good mix'n'match but .. :) ) since this let the filesystem take care of file permissions which seemed to me the most secure way, Ain't it ? Maybe the Open_basedir solution is a better one although i like the idea of files really owned by the user and not only virtually. The drawback on the cgi php binary is performance. We have lotsa trouble with php cgi binary not dying after the max_execution_time and stayin' alive on the machines. So we have to terminate them frequently. This has been reported I think a while back and said to be solved but looks like we have an environment that's unique in terms of number of requests per second and load averages, and that not a lot of people can use to test. So people might have the dead binaries sleeping around bug solved, but we don't. Ilia, the scripts you talk about that eat up process, cpu, file pointers etc are very interesting, we've already gone against most of them except for the file handlers Attack. Never had that but I think i'm gonna talk about this with our NOC team cause it could be a very big issue now that's it's in the open :) Seriously, i've been surprised as to how low was the number of people trying to hack our system thru PHP. I was really afraid it would far worse, but this might not be the case everywhere, and we still have to be vigilant about all that security stuff. I too think that safe_mode is not a good thing and that open_basedir seems better and more secure. I'm willing to help on a PHP-ISP-Howto document even though but since i've never done such a thing, i'm not sure i can really do something good, Plus we might not have taken the best way of doing things around here. If anybody has comments and or solutions, I'm interested. Later Chand -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Aggregate Functions
hey everyone, I'm wondering about the aggregate functions. We've talked about them a lot in here and they're in 4.2.0. Good job. But what about some documentation about it ? There's nothing in the manual to help people deal with them. So they know they're there (it's in the ChangeLog) but they can't really use'em since they don't know how. Might be a good idea to throw a hand at this issue, ain't it ? Later dudes. Chand -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Aggregate Functions
On Wed, 24 Apr 2002 12:20:20 +0200 Markus Fischer [EMAIL PROTECTED] wrote: Hi, It's always the same issues with volunteers, don't forgot. If no one has time or interested to document them, it won't happen. y'ah i guess :( Unfortunately, i'm pretty sure i don't have the expertise for such a thing. :( Would be cool to have someone do it though definitely, but I clearly understand the volunteering issues.. :( Thanks anyway Later If you'ld like to take that part, that would be great. - Markus On Wed, Apr 24, 2002 at 11:43:56AM +0200, Chand wrote : hey everyone, I'm wondering about the aggregate functions. We've talked about them a lot in here and they're in 4.2.0. Good job. But what about some documentation about it ? There's nothing in the manual to help people deal with them. So they know they're there (it's in the ChangeLog) but they can't really use'em since they don't know how. Might be a good idea to throw a hand at this issue, ain't it ? Later dudes. Chand -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- Please always Cc to me when replying to me on the lists. GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc Mind if I MFH ? What QA did you do on it? the usual? ah... none :) -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Mysql Patch for Multi-User Safety
hi everyone, I'm working on a hosting platform with a large number of users, and we need to ensure safety for our users considering the mysql Connection. Using a password is not good enough cause if someone succeeds in getting the source code of someone, he will get the password and then will be able to do anything from his account. Thus, i've been working on a patch that would allow me to enforce a mysql user login based on the script filename path. (in example /home/chand/mysql.php enforces the login as 'chand'). I'd already done this patch on 4.0.4pl1 2 years ago and it worked. For our new Hosting Platform, we've decided to go up to 4.1.0, and i can't seem to make it work correctly. I randomly (looks like it's random), get Internal Server Errors from the Mysql connection functions. My patch is most certainly the cause of that. Using gdb, what seems to be the problem is a lack of memory being available or allowed by the system thus a crash. I really don't understand how this could be possible considering my patch looks good to me. I was wondering if anyone had any idea about such a problem. Basically what i do is get the PATH_TRANSLATED variable from the sapi_globals and use strsep to get the login name to enforce it as the Mysql User. Before i used strtok which actually was a bad idea since it's a completely broken function, now obsolete. strsep helped me get the ratio of ISE (Internal Server Errors) down to 1% of the pages correctly served. It's still not good for me. We need a fully working php. I can put up the patch here to see if you guys can see what i'm doing wrong. I've been working on this for a long time now looking at a lot of different things from application to system. Nothing i've tried seems to be working and my C code looks all right to me, but there might be some inconsistency with some inner way of dealing memory in php. I'd really appreciate any help on this, on this list or on a private basis. Thanks a lot for any insight. Later Chand -- Mark Villemade Hosting Services Technical Manager Lycos Europe +33 1 53 27 24 05 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Mysql Patch for Multi-User Safety
Thanks Here is the patch to the ext/mysql/php_mysql.c file It looks a bit messy and there might be some stuff you don't get right away. Basically heres what it does. Mysql_connect gets a user, host and password (set to empty). We don't really care about those values. Actually, i get the path translated value from sapi_globals and i extract from it tow datas : the country (cause we're hosting 9 differents countries) and the login of the guy. We then add these two to create a unique login for Mysql (login_cc (cc=countrycode : fr, uk, it, nl and so on)). and then the rest of the process is the same. And one other thing, the function names are modified so that we can wrap them for some internal reasons. If you guys have any idea how to help me, i'd really appreciate it. Thanks a lot Later and take care At 12:31 03/04/2002 +0200, Markus Fischer wrote: I would suggest simple post an url with the path against whatever version and people feeling attracted will contact you (even I might take a peek ;-) - Markus On Wed, Apr 03, 2002 at 11:50:36AM +0200, Chand wrote : hi everyone, I'm working on a hosting platform with a large number of users, and we need to ensure safety for our users considering the mysql Connection. Using a password is not good enough cause if someone succeeds in getting the source code of someone, he will get the password and then will be able to do anything from his account. Thus, i've been working on a patch that would allow me to enforce a mysql user login based on the script filename path. (in example /home/chand/mysql.php enforces the login as 'chand'). I'd already done this patch on 4.0.4pl1 2 years ago and it worked. For our new Hosting Platform, we've decided to go up to 4.1.0, and i can't seem to make it work correctly. I randomly (looks like it's random), get Internal Server Errors from the Mysql connection functions. My patch is most certainly the cause of that. Using gdb, what seems to be the problem is a lack of memory being available or allowed by the system thus a crash. I really don't understand how this could be possible considering my patch looks good to me. I was wondering if anyone had any idea about such a problem. Basically what i do is get the PATH_TRANSLATED variable from the sapi_globals and use strsep to get the login name to enforce it as the Mysql User. Before i used strtok which actually was a bad idea since it's a completely broken function, now obsolete. strsep helped me get the ratio of ISE (Internal Server Errors) down to 1% of the pages correctly served. It's still not good for me. We need a fully working php. I can put up the patch here to see if you guys can see what i'm doing wrong. I've been working on this for a long time now looking at a lot of different things from application to system. Nothing i've tried seems to be working and my C code looks all right to me, but there might be some inconsistency with some inner way of dealing memory in php. I'd really appreciate any help on this, on this list or on a private basis. Thanks a lot for any insight. Later Chand -- Mark Villemade Hosting Services Technical Manager Lycos Europe +33 1 53 27 24 05 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- Please always Cc to me when replying to me on the lists. GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc Mind if I MFH ? What QA did you do on it? the usual? ah... none :) -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php patch.Multi-User.Mysql.4.1.0.chand Description: Binary data -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Mysql Patch for Multi-User Safety
At 17:34 03/04/2002 +0300, Zeev Suraski wrote: Problems I could spot: hey Zeev, nice to talk to you again :) - You use (*z_user)-value.str.val without making sure that z_user is of type string. You must have convert_to_string_ex(z_user) first (line 159 of the patch) - You don't allocate room for the NULL terminator in tmp_filename (line 188 of the patch) thanks i've corrected these two problems. I'll try and see what happens now.. Do you know where it crashes? Did you ever get a backtrace? it crashes when on this line : mysql_init(mysql-conn); [line 2165 of my patched version] and the backtrace goes up to free() in malloc.c that segfaults... Strange huh ? one wouldn't expect such an atomic function to crash, and yet it does :) Thanks for anymore insight. Later Chand -- Mark Villemade Hosting Services Technical Manager Lycos Europe +33 1 53 27 24 05 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] opendir SafeMode Multiuser Problem/Patch
At 03:54 PM 3/3/2002 -0500, James E Flemer wrote: Well actually, open_basedir is not *supposed* to check UIDs However, safe_mode *is*, and it was not for the opendir() function So I patched it to do so (in CVS) Also I noticed that when the CHECKUID_ALLOW_ONLY_DIR flag is passed to php_checkuid(), that it misses the case where you are referring to the root directory (because the leading slash is changed to a null, and so VCWD_STAT was being passed a null string instead of / or \\) I fixed that as well ok Thanks a lot I was gonna repost my mail thinking it had been read over and not taken care of :) The strange behavior of safe_mode anad the CHECKUID_ALLOW_ONLY_DIR is something i had also patched before but didn't remember :) So it's a double feature Pretty cool :) I'll be happy not to have to patch this next time we upgrade our php version for our members :) Thanks a lot Have a nice evenin' :) Later -- Mark Villemade Hosting Services Technical Manager MultiMania / Lycos (int) +33 1 53 27 24 05 -- PHP Development Mailing List http://wwwphpnet/ To unsubscribe, visit: http://wwwphpnet/unsubphp
[PHP-DEV] opendir SafeMode Multiuser Problem/Patch
hi, Just wanted to let you guys know that the php opendir() function suffers a tiny security risk in a multiuser environment Say you have a server with multiple users having access to php Those users Homedirs are stored in the same tree (say /data/users/) With the function as it is now, the user chand (/data/users/chand) would be able to open and watch the contents of Rasmus' Home directory (/data/users/rasmus) because _php_do_opendir (in ext/standard/dirc) doesn't implement the safe_mode's php_checkuid function as I think it should (IMHO) It only checks the open_base_dir variable But on a multiuser (multi as in thousands of thousands) environment, you can't honestly go that way Hence the following patch --- /php-410/ext/standard/dirc Sat Aug 11 19:03:36 2001 +++ ext/standard/dirc Fri Mar 1 00:46:58 2002 -151,6 +151,13 if (php_check_open_basedir((*arg)-valuestrval TSRMLS_CC)) { RETURN_FALSE; } + + /* CHAND Added Checkuid so that we check a guy can't go see anything except +from his directory up */ + if (!php_checkuid((*arg)-valuestrval, NULL, 3)) { + php_error(E_WARNING, Permission denied to the directory : %s, +(*arg)-valuestrval); + RETURN_FALSE; + } + /* /CHAND */ dirp = emalloc(sizeof(php_dir)); Just tell me if I'm out of the blue here and if what i'm saying is making any sense to you Almost every security issue in such an environment i had to patch in earlier versions of php were patched in 410 except for this one If it could be from now on, it would be pretty cool :) Thanks for any comments and for taking my information into consideration Maybe the patch I submitted is not the best way to do it (I don't master the php/Zend API) but it works fine with me Later -- Mark Villemade Hosting Services Technical Manager MultiMania / Lycos Europe (int) +33 1 53 27 24 05 -- PHP Development Mailing List http://wwwphpnet/ To unsubscribe, visit: http://wwwphpnet/unsubphp
Re: [PHP-DEV] Apache2 and PHP CVS from today
At 09:51 AM 2/26/2002 +0900, Yasuo Ohgaki wrote: August wrote: I find DSO useful for testing and development, but for deployment it makes little sense to be using DSO, the cost of 60 seconds of compile is negligible when looking at something that will be installed for timeframes exceeding a day or two, especially for larger server farms. The benefit of DSO is loading modules without compile whole apache. For instance, I would like to use info or status module when I have problem with my web servers, but I don't want to enable them all the time. we (I think august and i think the same, sorry dude if I'm mistaken :) :) ) understand the DSO concept *and* your point. Nonetheless, when you know you're gonna use php extensively, why bother a few more minutes of compilation and lose 40% of performance. Static build is the way to go in those cases. On other situations, i agree DSO is a good way (eg info and status you mentioned). I have in charge today a few million users (large web portal here :) ), and let me tell ya : statically built-in IS the way to go. We have seen major drawbacks with DSO. I'm not really sure why though since the module is loaded into memory at Apache startup BUT it definitely is less performant than when it's built in. (i wouldn't say 40% though but even 10% is huge). I'd really like to try out apache 2 and php but I really can't compile it (see an early mail). I know i've asked twice before but has ANYONE succeeded in compiling apache 2 and php in a STATIC BUILD (not --with-apxs but --with-apache) ? Thanks to answer me (privately if you don't want to bother the list). Later, take care -- Mark Villemade Hosting Services Technical Manager MultiMania / Lycos (int) +33 1 53 27 24 05 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Apache2 and PHP CVS from today
At 08:14 AM 2/23/2002 +0100, Sebastian Bergmann wrote: August wrote: There's been a bit of traffic on the apache dev list about this as well, most of it indicating the problem lies on the PHP side of things... This is something I've been tracking for a while, waiting for the Apache beta (which is pretty close to their final) before really worrying about the php support. Now that the beta is here would be great to see php getting solid on Apache. I have encountered no problems installing Apache2 and PHP 4, both from current CVS, two days ago. are you sure you've tried compiling it as a built-in module in Apache? If so, then i guess all the troubles i've detailed in my mail have been solved. But i hardly believe it since they seemed pretty tough to deal with on such a short time. But who knows :) I'll check it out :) Later -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- Chand Joey : You didn't cry when bambi's mother died ? Chand :Yes it was very sad when the guy stopped drawing the deer. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Apache2 and PHP CVS from today
At 05:52 PM 2/23/2002 +0100, Sebastian Bergmann wrote: Chand wrote: are you sure you've tried compiling it as a built-in module in Apache? $ cd /usr/src/httpd-2.0 $ ./configure --enable-so --enable-mods-shared=ALL $ make $ make install $ cd /usr/src/php4 $ ./configure --with-apxs2=/usr/local/apache2/bin/apxs $ make $ make install ... works just fine here, Sebastian ok this segfaults on my comp (linux 2.4.17), but my point was to try and build an httpd binary with php built in. What you do here is a module loaded at startup. not *Entirely* different but not quite the same anyway :) Configuring it would have to go this way : $ cd /usr/src/httpd-2.0 $ ./configure --enable-so --enable-mods-shared=ALL $ cd /usr/src/php4 $ ./configure --with-apache=../httpd-2.0 $ make $ make install $ cd /usr/src/httpd-2.0 $ ./configure [... All valid options you want] $ make $ make install If anyone got this working, I'm interested. I'll try again with the newest cvs version of both distributions. Later -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- Mark Villemade Hosting Services Technical Manager MultiMania / Lycos (int) +33 1 53 27 24 05 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Apache2 and PHP CVS from today
At 01:06 PM 2/22/2002 -0800, August wrote: There's been a bit of traffic on the apache dev list about this as well, most of it indicating the problem lies on the PHP side of things... This is something I've been tracking for a while, waiting for the Apache beta (which is pretty close to their final) before really worrying about the php support. Now that the beta is here would be great to see php getting solid on Apache. hey, I've been trying to compile php latest cvs and apache latest cvs a few days back and i found out there are some first things to solve before being able to make any solid thing on php + Apache 2 Nota : this only happens if you try to compile built in in apache. Apxs works at compile but httpd segfaults when you launch it and have the LoadModule in httpd.conf. (didn't try and trace it cause I wanted to test php against apache 2.0 for performance since Apache 1.3.x is almost not fast enough for the load i need to handle) 1/ First thing would have to create a good configure script :) The one php's got last time i checked didn't link to all the needed libraries directories and didn't find apache 2 actually : after line 3697 some changes are to be done : # For Apache 2.0.x elif test -f $withval/src/include/httpd.h test -f $withval/src/lib/apr/include/apr_general.h ; then first line should get rid of the /src/ second line should be test -f $withval/srclib/apr/include/apr_general.h ; then there are some changes according to the same rules are to be applied in the next few lines and APACHE_INCLUDE has to have some extra stuff : original : APACHE_INCLUDE=-I$withval/src/include -I$withval/src/os/unix -I$withval/src/lib/apr/include i don't remember exactly but there has to be some other include to put such as -l$withval/srclib/apr-util/include 2/ change the constants that had their name changed (eg : NOT_FOUND doesn't exist anymore on apache 2. It was before a #define on HTTP_NOT_FOUND. That define (for backwards compatibility i guess) is no more on Apache 2, there are a bunch of other constants for the all the response codes in include/httpd.h) 3/ there are also whole structures which have changed their names (pool for example). This is a major pain in the ass cause the structures have changed names but also their structure has changed. This is gonna be harsh to solve but it's doable. I've stopped at that step last time I checked. I'm really looking forward to Apache 2.0 cause well it looks like a lot faster and i'd need that. Anyway, i'd also like PHP to work with it of course :) Hope those simple comments were worthy. Later -- Mark Villemade Hosting Services Technical Manager MultiMania / Lycos (int) +33 1 53 27 24 05 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] PHP 4.0.x (x=1) POST variables registering problems
hey everyone, Hope the summer's good for all of ya :) I have some trouble with understanding php behavior's change from 4.0.0 to higher versions. I wish someone here could explain me what might be in cause for this. I've checked out the ChangeLog and didn't find anything really relevant. here's my problem. On our website here, we use the 404 mechanism to insert the actual content of pages into a single interface. For example, let's say you go to http://www.mysite.com/index.php .. Actually index.php doesn't exist, but index.content does. Apache will then send out a 404 error and send the custom 404 page we have designed which is a php file. This php file is the in charge to insert the contents of the .content file into a single interface. I won't extend on the purpose, advantages and drawbacks of this system, just assume it works that way :) When we first set up this system, we had to patch Apache cause it didn't send Post variables to a 404 custom page. This patch went easy and works perfectly right. Now when we've tried to upgrade php from php3 to php4 and though our system worked correctly with php 4.0.0, but not with further versions. I'd like to know if you guys could give me a hint on what's going on here ? Would you have changed anything in the way you handle Post/Get vars in 4.0.1 and above ? Do you have a different processing for these variables whether the page is a 404 or a 200 ? I'm thanking anyone in advance for any given clue helping to solve this problem. Please come back to me on the list or privately to [EMAIL PROTECTED] if you have any further questions regarding my problem. See ya all later and have a good week-end. -- Mark Villemade Hosting Platform Development/Conception Engineer Lycos Europe -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Code documentation
Hi everyone, I was wondering if there was any documentation to the source code of php. I have to work on some internal patches to PHP for my company to offer php for a large number of users. I already did the patches but had a hard time understanding all the source code because of all the defines and macros that are scattered throughout all the code files. I started noting about all the PLS_FETCH(), and ELS_FETCH() and #ifdef ZTS and all that stuff but i really have a hard time sometime debugging my patches cause i don't really know what that function specifically does. now that i have new patches to do, i wish i had a plain documentation. I'd really appreciate one of you giving me access to one doc about all that stuff if there exists one :) Thanks a lot for all your help. -- Mark Villemade Hosting Communication Tools Technical Manager MultiMania Lycos Group -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DEV] Code documentation
hey yeah lxr.php.net *is* a good resource. I've used it a lot at first but although it's useful to find out about identifiers and all, it's not as useful when it comes to understand what's the use of one macro or function. And since php source code doesn't have a lot of comments (behavior that should, by the way, be corrected, imho :) ) it often gets hairy to understand why the code breaks there. But as Sean reported, lxr ain't really up to date. So it doesn't really help me now since i'm patching the 4.0.4pl1 version :) Lxr should also have an option to set the version of php ya wanna check in (php 4.x, php 3.x, CVS ). Or at least should the indexed code be the last official release's . e.g php4.0.4pl1 these days). So even though lxr helps me in a way, i'm looking for something more extensive and explanatory. I'll check the documentation on Zend.com. Maybe it has some stuff I haven't gone by yet. Thanks for the info. And thanks for any further information on documentation. At 20:02 03/04/2001 -0400, Sean wrote: Someone needs to fix the images. -Original Message- From: Sterling Hughes [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 03, 2001 6:56 PM To: Chand Cc: PHP Developer List Subject: Re: [PHP-DEV] Code documentation On Wed, 4 Apr 2001, Chand wrote: I'd really appreciate one of you giving me access to one doc about all that stuff if there exists one :) There is some documentation on the Zend site, however, its pretty rudimentary, you've probably already outgrown it by this point. lxr.php.net is a good resource, its a cross-referenced version of the source. -Sterling -- Mark Villemade Hosting Communication Tools Technical Manager MultiMania Lycos Group -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]