Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Jani Taskinen

But unfortunately neither of these fix the bug.
If there is php.ini in /, it's still used.

--Jani



On Thu, 12 Dec 2002, Moriyoshi Koizumi wrote:

+1 for applying this patch.

and attached is yet another fix as my suggestion.
(a bit dirty, and not tested enough).

Moriyoshi


Sara Golemon [EMAIL PROTECTED] wrote:

 I THINK the patch below will fix critical bug #20887, but it's late and
 I've had a long day so I haven't begun to make sure it'll work properly in
 any circumstance, could anyone else have a look and try it out?
 
 See my note in Bug #20887 for an explanation of what my theory about the
 problem is.
 
 -Pollita
 
 Index: main/php_ini.c
 ===
 RCS file: /repository/php4/main/php_ini.c,v
 retrieving revision 1.106
 diff -u -r1.106 php_ini.c
 --- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
 +++ main/php_ini.c  12 Dec 2002 06:49:50 -
 @@ -298,7 +298,9 @@
 char *separator_location =
 strrchr(binary_location, DEFAULT_SLASH);
 
 if (separator_location) {
 -   *(separator_location+1) = 0;
 +   separator_location[0] = '\0';
 +   } else {
 +   binary_location[0] = '\0';
 }
 if (*php_ini_search_path) {
 strcat(php_ini_search_path, paths_separator);
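Review bot: With `separator_location[0] = '\0'`, a binary_location whose only separator is the leading one (for example `/php`) is cut down to an empty string instead of `/`, and the new else branch leaves binary_location empty as well. The context lines that follow still append paths_separator, so if the directory is appended next, an empty entry ends up in php_ini_search_path. Suggest skipping the append when binary_location[0] is '\0', and adding a comment that states how a bare executable name is meant to be handled.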
 
 
 
 
 -- 
 PHP Development Mailing List http://www.php.net/
 To unsubscribe, visit: http://www.php.net/unsub.php
 


-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Moriyoshi Koizumi
Hmm... it's natural that when apache is launched at /, it should read 
/php.ini because of the current implementation shown below.

/* php_ini.c, lines 274-281 */
#ifdef INI_CHECK_CWD
    if (strcmp(sapi_module.name, "cli") != 0) {
        if (*php_ini_search_path) {
            strcat(php_ini_search_path, paths_separator);
        }
        strcat(php_ini_search_path, ".");
    }
#endif

Moriyoshi

Jani Taskinen [EMAIL PROTECTED] wrote:

 
 But unfortunately neither of these fix the bug.
 If there is php.ini in /, it's still used.
 
 --Jani
 
 
 
 On Thu, 12 Dec 2002, Moriyoshi Koizumi wrote:
 
 +1 for applying this patch.
 
 and attached is yet another fix as my suggestion.
 (a bit dirty, and not tested enough).
 
 Moriyoshi
 
 
 Sara Golemon [EMAIL PROTECTED] wrote:
 
  I THINK the patch below will fix critical bug #20887, but it's late and
  I've had a long day so I haven't begun to make sure it'll work properly in
  any circumstance, could anyone else have a look and try it out?
  
  See my note in Bug #20887 for an explanation of what my theory about the
  problem is.
  
  -Pollita
  
  Index: main/php_ini.c
  ===
  RCS file: /repository/php4/main/php_ini.c,v
  retrieving revision 1.106
  diff -u -r1.106 php_ini.c
  --- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
  +++ main/php_ini.c  12 Dec 2002 06:49:50 -
  @@ -298,7 +298,9 @@
  char *separator_location =
  strrchr(binary_location, DEFAULT_SLASH);
  
  if (separator_location) {
  -   *(separator_location+1) = 0;
  +   separator_location[0] = '\0';
  +   } else {
  +   binary_location[0] = '\0';
  }
  if (*php_ini_search_path) {
  strcat(php_ini_search_path, paths_separator);
  
  
  
  




Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Jani Taskinen
On Thu, 12 Dec 2002, Moriyoshi Koizumi wrote:

Hmm... it's natural that when apache is launched at /, it should read 
/php.ini because of the current implementation shown below.

/* php_ini.c, lines 274-281 */
#ifdef INI_CHECK_CWD
    if (strcmp(sapi_module.name, "cli") != 0) {
        if (*php_ini_search_path) {
            strcat(php_ini_search_path, paths_separator);
        }
        strcat(php_ini_search_path, ".");
    }
#endif

Yeah, but I'm not launching it at /..

--Jani



Moriyoshi

Jani Taskinen [EMAIL PROTECTED] wrote:

 
 But unfortunately neither of these fix the bug.
 If there is php.ini in /, it's still used.
 
 --Jani
 
 
 
 On Thu, 12 Dec 2002, Moriyoshi Koizumi wrote:
 
 +1 for applying this patch.
 
 and attached is yet another fix as my suggestion.
 (a bit dirty, and not tested enough).
 
 Moriyoshi
 
 
 Sara Golemon [EMAIL PROTECTED] wrote:
 
  I THINK the patch below will fix critical bug #20887, but it's late and
  I've had a long day so I haven't begun to make sure it'll work properly in
  any circumstance, could anyone else have a look and try it out?
  
  See my note in Bug #20887 for an explanation of what my theory about the
  problem is.
  
  -Pollita
  
  Index: main/php_ini.c
  ===
  RCS file: /repository/php4/main/php_ini.c,v
  retrieving revision 1.106
  diff -u -r1.106 php_ini.c
  --- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
  +++ main/php_ini.c  12 Dec 2002 06:49:50 -
  @@ -298,7 +298,9 @@
  char *separator_location =
  strrchr(binary_location, DEFAULT_SLASH);
  
  if (separator_location) {
  -   *(separator_location+1) = 0;
  +   separator_location[0] = '\0';
  +   } else {
  +   binary_location[0] = '\0';
  }
  if (*php_ini_search_path) {
  strcat(php_ini_search_path, paths_separator);
  
  
  
  




Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Derick Rethans
On Thu, 12 Dec 2002, Jani Taskinen wrote:

 On Thu, 12 Dec 2002, Moriyoshi Koizumi wrote:
 
 Hmm... it's natural that when apache is launched at /, it should read 
 /php.ini because of the current implementation shown below.
 
 /* php_ini.c, lines 274-281 */
 #ifdef INI_CHECK_CWD
     if (strcmp(sapi_module.name, "cli") != 0) {
         if (*php_ini_search_path) {
             strcat(php_ini_search_path, paths_separator);
         }
         strcat(php_ini_search_path, ".");
     }
 #endif
 
 Yeah, but I'm not launching it at /..

AFAIK apache always does a chdir('/') when you start it.

Derick

-- 

-
 Derick Rethans http://derickrethans.nl/ 
 PHP Magazine - PHP Magazine for Professionals   http://php-mag.net/
-






Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Moriyoshi Koizumi
You are right. I verified Apache changes the cwd to / unless it's been 
launched in single process mode.

And I found results could be different by cases, using DSO or using CGI 
executable. When you run your script with CGI executable and php.ini is 
also present in that directory, the PHP binary tries to read that one as 
mod_cgi tries to chdir to where the script is put.
I'm not sure, but this appears to imply some security issues?

Moriyoshi

Derick Rethans [EMAIL PROTECTED] wrote:

 On Thu, 12 Dec 2002, Jani Taskinen wrote:
 
  On Thu, 12 Dec 2002, Moriyoshi Koizumi wrote:
  
  Hmm... it's natural that when apache is launched at /, it should read 
  /php.ini because of the current implementation shown below.
  
  /* php_ini.c, lines 274-281 */
  #ifdef INI_CHECK_CWD
      if (strcmp(sapi_module.name, "cli") != 0) {
          if (*php_ini_search_path) {
              strcat(php_ini_search_path, paths_separator);
          }
          strcat(php_ini_search_path, ".");
      }
  #endif
  
  Yeah, but I'm not launching it at /..
 
 AFAIK apache always does a chdir('/') when you start it.
 
 Derick
 
 -- 
 
 -
  Derick Rethans http://derickrethans.nl/ 
  PHP Magazine - PHP Magazine for Professionals   http://php-mag.net/
 -
 
 




Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Edin Kadribasic
 You are right. I verified Apache changes the cwd to / unless it's been
 launched in single process mode.

 And I found results could be different by cases, using DSO or using CGI
 executable. When you run your script with CGI executable and php.ini is
 also present in that directory, the PHP binary tries to read that one as
 mod_cgi tries to chdir to where the script is put.
 I'm not sure, but this appears to imply some security issues?

At the time CLI was introduced I argued to remove . from php.ini
search path, but that was not accepted because some people
apparently use this feature for having different configurations for
different virtual hosts.

Therefore . was removed only from CLI's php.ini search path.

Edin






Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Moriyoshi Koizumi
 At the time CLI was introduced I argued to remove . from php.ini
 search path, but that was not accepted because some people
 apparently use this feature for having different configurations for
 different virtual hosts.
 
 Therefore . was removed only from CLI's php.ini search path.

This feature looks somewhat evil since it enables users to bypass the safe 
mode restrictions enforced by the administrator, or am I missing 
something?

Anyway, the following patch should make sense for #20887?

Moriyoshi

Index: main/php_ini.c
===
RCS file: /repository/php4/main/php_ini.c,v
retrieving revision 1.106
diff -u -r1.106 php_ini.c
--- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
+++ main/php_ini.c  12 Dec 2002 11:22:17 -
@@ -272,7 +272,8 @@

/* Add cwd */
 #ifdef INI_CHECK_CWD
-   if (strcmp(sapi_module.name, cli)!=0) {
+   if (strcmp(sapi_module.name, cgi)==0
+   || strcmp(sapi_module.name, cgi-fcgi)==0) {
if (*php_ini_search_path) {
strcat(php_ini_search_path, paths_separator);
}
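Review bot: The new condition keeps `.` in the search path for `cgi` and `cgi-fcgi`, which is the case described earlier in this thread where mod_cgi changes into the script's directory, so a php.ini placed beside a script is still picked up and the safe mode concern raised in this same message is not addressed for CGI. If per-directory php.ini under CGI is meant to stay, update the `/* Add cwd */` comment to say which SAPIs it applies to and why; otherwise remove the block rather than narrowing it.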





Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Edin Kadribasic
No because it was precisely because of cgi that CWD wasn't removed
from the php.ini search path. Have a look at the following thread:

http://www.zend.com/lists/php-dev/200202/msg01325.html

Edin

- Original Message -
From: Moriyoshi Koizumi [EMAIL PROTECTED]
To: Edin Kadribasic [EMAIL PROTECTED]
Cc: Derick Rethans [EMAIL PROTECTED]; Jani Taskinen
[EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, December 12, 2002 12:44 PM
Subject: Re: [PHP-DEV] Critical Bug #20887


  At the time CLI was introduced I argued to remove . from php.ini
  search path, but that was not accepted because some people
  apparently use this feature for having different configurations for
  different virtual hosts.
 
  Therefore . was removed only from CLI's php.ini search path.

 This feature looks somewhat evil since it enables users to bypass the safe
 mode restrictions enforced by the administrator, or am I missing
 something?

 Anyway, the following patch should make sense for #20887?

 Moriyoshi

 Index: main/php_ini.c

===
 RCS file: /repository/php4/main/php_ini.c,v
 retrieving revision 1.106
 diff -u -r1.106 php_ini.c
 --- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
 +++ main/php_ini.c  12 Dec 2002 11:22:17 -
 @@ -272,7 +272,8 @@

 /* Add cwd */
  #ifdef INI_CHECK_CWD
 -   if (strcmp(sapi_module.name, cli)!=0) {
 +   if (strcmp(sapi_module.name, cgi)==0
 +   || strcmp(sapi_module.name,
cgi-fcgi)==0) {
 if (*php_ini_search_path) {
 strcat(php_ini_search_path,
paths_separator);
 }








Re: [PHP-DEV] Critical Bug #20887

2002-12-12 Thread Moriyoshi Koizumi
Thanks for the pointer. As far as I looked over the thread, which is not 
so long as I expected, I don't feel there is that much need for including 
CWD in php.ini search path. +1 for removing that feature.

Moriyoshi

Edin Kadribasic [EMAIL PROTECTED] wrote:

 No because it was precisely because of cgi that CWD wasn't removed
 from the php.ini search path. Have a look at the following thread:
 
 http://www.zend.com/lists/php-dev/200202/msg01325.html
 
 Edin
 
 - Original Message -
 From: Moriyoshi Koizumi [EMAIL PROTECTED]
 To: Edin Kadribasic [EMAIL PROTECTED]
 Cc: Derick Rethans [EMAIL PROTECTED]; Jani Taskinen
 [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Thursday, December 12, 2002 12:44 PM
 Subject: Re: [PHP-DEV] Critical Bug #20887
 
 
   At the time CLI was introduced I argued to remove . from php.ini
   search path, but that was not accepted because some people
   apparently use this feature for having different configurations for
   different virtual hosts.
  
   Therefore . was removed only from CLI's php.ini search path.
 
  This feature looks somewhat evil since it enables users to bypass the safe
  mode restrictions enforced by the administrator, or am I missing
  something?
 
  Anyway, the following patch should make sense for #20887?
 
  Moriyoshi
 
  Index: main/php_ini.c
 
 ===
  RCS file: /repository/php4/main/php_ini.c,v
  retrieving revision 1.106
  diff -u -r1.106 php_ini.c
  --- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
  +++ main/php_ini.c  12 Dec 2002 11:22:17 -
  @@ -272,7 +272,8 @@
 
  /* Add cwd */
   #ifdef INI_CHECK_CWD
  -   if (strcmp(sapi_module.name, cli)!=0) {
  +   if (strcmp(sapi_module.name, cgi)==0
  +   || strcmp(sapi_module.name,
 cgi-fcgi)==0) {
  if (*php_ini_search_path) {
  strcat(php_ini_search_path,
 paths_separator);
  }
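
The three CWD policies argued over in this thread (the quoted `!= "cli"` check, the proposed cgi/cgi-fcgi-only patch, and removing `.` altogether), modelled as an added example; this is not code from the thread or from PHP. `cwd_policy`, `build_search_path`, `count_cwd_relative`, the `apache` SAPI label and the `/usr/local/bin` directory are names and sample values chosen for the example, and treating an empty path entry as cwd-relative is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>
/* Model only: Unix ':' separator; the cwd entry goes before the binary's
 * directory, following the hunk offsets (272, 298) quoted in the thread. */
enum cwd_policy { ALL_BUT_CLI, CGI_ONLY, NEVER };

/* Does this SAPI get "." in its search path under the given policy? */
static int adds_cwd(const char *sapi, enum cwd_policy p)
{
    if (p == ALL_BUT_CLI) return strcmp(sapi, "cli") != 0;
    if (p == CGI_ONLY) return !strcmp(sapi, "cgi") || !strcmp(sapi, "cgi-fcgi");
    return 0;
}

/* Bounded stand-in for the strcat chain; returns -1 if the path is truncated. */
int build_search_path(char *out, size_t cap, const char *sapi,
                      enum cwd_policy p, const char *binary_dir)
{
    const char *cwd = adds_cwd(sapi, p) ? "." : "";
    const char *bin = binary_dir ? binary_dir : "";
    int n = snprintf(out, cap, "%s%s%s", cwd, (*cwd && binary_dir) ? ":" : "", bin);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Count entries that resolve against the process cwd (anything not absolute).
 * Counting an empty entry as cwd-relative is this example's assumption. */
int count_cwd_relative(const char *path)
{
    int n = 0;
    if (!*path) return 0;                /* no entries at all */
    for (const char *p = path;; ) {
        const char *end = strchr(p, ':');
        if (p[0] != '/') n++;            /* "", ".", "conf", ... */
        if (!end) break;
        p = end + 1;
    }
    return n;
}

int main(void)
{
    const char *sapis[] = { "cli", "cgi", "cgi-fcgi", "apache" }; /* sample names */
    char buf[64];
    for (int i = 0; i < 12; i++) {       /* 4 SAPIs x 3 policies */
        build_search_path(buf, sizeof buf, sapis[i / 3], (enum cwd_policy)(i % 3), "/usr/local/bin");
        printf("%-8s policy=%d %-17s cwd-relative=%d\n", sapis[i / 3], i % 3, buf, count_cwd_relative(buf));
    }
    return 0;
}
```

A non-zero count for a SAPI that runs with a user-writable working directory marks the configurations where a php.ini next to a script would be considered.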
 
 
 






Re: [PHP-DEV] Critical Bug #20887

2002-12-11 Thread Moriyoshi Koizumi
+1 for applying this patch.

and attached is yet another fix as my suggestion.
(a bit dirty, and not tested enough).

Moriyoshi


Sara Golemon [EMAIL PROTECTED] wrote:

 I THINK the patch below will fix critical bug #20887, but it's late and
 I've had a long day so I haven't begun to make sure it'll work properly in
 any circumstance, could anyone else have a look and try it out?
 
 See my note in Bug #20887 for an explanation of what my theory about the
 problem is.
 
 -Pollita
 
 Index: main/php_ini.c
 ===
 RCS file: /repository/php4/main/php_ini.c,v
 retrieving revision 1.106
 diff -u -r1.106 php_ini.c
 --- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
 +++ main/php_ini.c  12 Dec 2002 06:49:50 -
 @@ -298,7 +298,9 @@
 char *separator_location =
 strrchr(binary_location, DEFAULT_SLASH);
 
 if (separator_location) {
 -   *(separator_location+1) = 0;
 +   separator_location[0] = '\0';
 +   } else {
 +   binary_location[0] = '\0';
 }
 if (*php_ini_search_path) {
 strcat(php_ini_search_path, paths_separator);
 
 
 
 
 

Index: main/php_ini.c
===
RCS file: /repository/php4/main/php_ini.c,v
retrieving revision 1.106
diff -u -r1.106 php_ini.c
--- main/php_ini.c  12 Nov 2002 20:56:47 -  1.106
+++ main/php_ini.c  12 Dec 2002 07:52:04 -
@@ -287,11 +287,21 @@
efree(binary_location);
binary_location = NULL;
}
+#elif defined(__linux__)
+   binary_location = (char *) emalloc(MAXPATHLEN);
+   binary_location = realpath(/proc/self/exe, binary_location);
+#elif defined(__svr4__)
+   binary_location = (char *) emalloc(MAXPATHLEN);
+   binary_location = realpath(/proc/self/object/a.out, binary_location);
+#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+   binary_location = (char *) emalloc(MAXPATHLEN);
+   binary_location = realpath(/proc/curproc/file, binary_location);
 #else
+   binary_location = NULL;
if (sapi_module.executable_location) {
-   binary_location = estrdup(sapi_module.executable_location);
-   } else {
-   binary_location = NULL;
+   if (sapi_module.executable_location[0] == DEFAULT_SLASH) {
+   binary_location = 
+estrdup(sapi_module.executable_location);
+   }
}
 #endif
if (binary_location) {
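Review bot: In the three new `#elif` branches, `binary_location = realpath(..., binary_location)` overwrites the emalloc'd pointer with realpath's return value, which is NULL on failure (for example when /proc is not mounted), so the MAXPATHLEN buffer is leaked. Keep the buffer in a temporary, efree it when realpath returns NULL, and only then assign binary_location. The `#else` branch now silently ignores a relative executable_location; a short comment saying that this is intended would help the next reader.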
