On 19/02/13 01:30, Kevin Yung wrote:
In our environment, we use NFS for shared storage, we are using APC as well
with stat=0. In our setting, we also experiencing high number of stat()
calls on our file system. My initial finding of this problem is we enabled
the open_basedir setting. And there is already a bug report for this,
https://bugs.php.net/bug.php?id=52312
We tested the issue in 5.2.x, 5.3.x and 5.4.x, all of them experiencing
same issue.
Kevin, I've just walked through this in 5.3 and 54 and updated this
bugrep. In short there is some silly coding here which should be
addressed. Even if we accept that PHP should comply with
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5178 if
open_basedir is set, then the cache should only be ignored on the actual
open itself, as this is the only one that is exploitable, but let's have
this debate on the bugrep. Let me think about the security and other
NFRs and propose a patch.
