|
Posted by Markus Mayer on 09/30/07 11:14
Hi All,
I have interesting problems with PHP/Hardened PHP 4.3.11 on Apache 2.0.54 on
AIX 5.1 and 5.2, and on Solaris 9.
I have a directory permissions scheme which has the absolute minimum of rights
for the web server to work, that is a directory gets the permissions
drwx--s--x (711) with the suid bit set. This is done because many users have
ftp access to the system and for some directories in the system it should not
be possible for those users to do a directory listing. Changing the
permissions to include read permission is one solution that works, but in
this environment it is unacceptable for us. It's also unacceptable because
this was working with previous versions of HPHP.
My first problem is the behaviour of Hardened PHP in PHP 4.3.10 and 4.3.11 on
AIX. This was built using gcc 3.3.3 from the AIX toolbox. Everything was
fine with Hardened PHP 4.3.9. For what ever reason, with the above directory
permissions, HPHP is not able to read files within that directory structure
if they are included relative to the working directory of a script running
within a subdirectory (see the example scripts and associated directory
structure I have given later on). If I run this on Linux with HPHP, it works
fine, as does the normal PHP on AIX. Strangely enough, if I use the absolute
path to the included file, the file is included without problems.
My second problem is HPHP on Solaris 9 on a Blade 1500 - it just doesn't work
with the apache process seg faulting aparently during the initialisation
stage. If I use the normal PHP everything runs fine. These were built using
gcc 3.3.2 from sunfreeware.com. I have tried running it in gdb, but gdb
itself seg faults. So then (genius here) I ran apache inside gdb inside gdb
which caught gdb's own seg fault and indicated a problem with libc.so.1.
Applying the latest Solaris 9 patch cluster from Sun and rebuilding apache
and HPHP did not change anything. At the moment I'm one step away from
opening a bug report at Sun.
I would like to know if any one else with similar systems has similar problems
and maybe a solution. I would bother Steffan Esser, the creator of HPHP,
with this problem but I've bothered him enough already and really need to
know if I'm the only one with such problems. I also don't want to open a bug
report at Sun if the problem is somewhere else.
If anyone has any questions about this problem, please ask. I will be most
grateful for any help anyone can give me.
Markus
A test directory structure to recreate this is as follows:
htdocs/test:
drws--S--x 3 user users 512 Dec 28 17:37 .
drwxr-xr-x 14 user users 1536 Apr 20 12:27 ..
drwxr-xr-x 2 user users 512 Dec 28 17:39 subdir
-rw-r--r-- 1 user users 48 Dec 28 17:37 includeme.inc
htdocs/test/subdir:
drwxr-xr-x 2 user users 512 Dec 28 17:39 .
drws--S--x 3 user users 512 Dec 28 17:37 ..
-rw-r--r-- 1 user users 511 Apr 20 11:37 scripttest.php
the file htdocs/test/includeme.inc contains the script
<?php
echo "I am the included file!<br>";
?>
the file htdocs/test/subdir/scripttest.php contains the script
<?php
echo "I will now try to include the file ../includeme.inc.<br><br>";
include '../includeme.inc';
echo "<br>Done...<br><br>";
$included_files = get_included_files();
echo "These are the included files as returned by get_included_files():<br>";
foreach ($included_files as $included_file)
{
echo " $included_file<br>";
}
echo "<br>";
echo "Now I will try to get my current working directory using getcwd()<br>";
$cwd = getcwd();
echo "getcwd() returned $cwd <br>";
echo "<br>Test end.<br>";
?>
Solaris Hardened PHP seg faults.
Solaris – PHP 4.3.11 standard and AIX PHP 4.3.11 standard output the
following:
I will now try to include the file ../includeme.inc.
I am the included file!
Done...
These are the included files as returned by get_included_files():
/usr/local/htdocs/test/subdir/scripttest.php
../includeme.inc
Now I will try to get my current working directory using getcwd()
getcwd() returned
Test end.
AIX PHP 4.3.11 with Hardened PHP Patches 0.2.7 for PHP 4.3.11 outputs the
following:
I will now try to include the file ../includeme.inc.
Warning: main(../includeme.inc): failed to open stream: Permission denied
in /usr/local/htdocs/test/subdir/scripttest.php on line 5
Warning: main(): Failed opening '../includeme.inc' for inclusion
(include_path='.:/usr/local/lib/php')
in /usr/local/htdocs/test/subdir/scripttest.php on line 5
Done...
These are the included files as returned by get_included_files():
/usr/local/htdocs/test/subdir/scripttest.php
Now I will try to get my current working directory using getcwd()
getcwd() returned
Test end.
Linux: The output of the scripts on both standard PHP 4.3.11 and PHP 4.3.11
with Hardened PHP patches version 0.2.7 for PHP 4.3.11 is the same:
I will now try to include the file ../includeme.inc.
I am the included file!
Done...
These are the included files as returned by get_included_files():
/usr/local/htdocs/test/subdir/scripttest.php
/usr/local/htdocs/test/includeme.inc
Now I will try to get my current working directory using getcwd()
getcwd() returned /usr/local/htdocs/test/subdir
Test end.
[Back to original message]
|