ID: 48880
Comment by: starcraftmazter at gmail dot com
Reported By: brwarner at rogers dot com
Status: Open
Bug Type: Safe Mode/open_basedir
Operating System: *
PHP Version: 5.3SVN-2009-07-27 (snap)
New Comment:

I think this bug is closely related to 48744
http://bugs.php.net/bug.php?id=48744

To say what I said in the other bug report, I can confirm that I have a very similar issue. I have been running PHP with open_basedir for quite some time. I upgraded to php 5.3.0 recently, previously having run php 5.2.5. Immediately after installing the newly compiled version, the issues began.

The problem as I experience it, is that the "open_basedir" setting seems to be composed of random, non latin1 characters (displayed as symbols by the browser). I cannot draw any reasons as to which users are affected by this or why, but it does not happen to everyone - it is seemingly random.

I am using CentOS 5.3 with the latest cPanel 11 on CURRENT which manages the open_basedir. I am using Apache 2.2.6.

My compile string is as follows;

'./configure' '--prefix=/usr/local' '--with-apxs2=/usr/local/apache/bin/apxs' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--enable-ftp' '--enable-gd-native-ttf' '--enable-libxml' '--enable-mbstring' '--enable-soap' '--enable-sockets' '--enable-zip' '--with-bz2' '--with-curl=/opt/curlssl/' '--with-curlwrappers' '--with-freetype-dir=/usr' '--with-gd' '--with-gettext' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libdir=lib64' '--with-libxml-dir=/opt/xml2' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mhash=/opt/mhash/' '--with-openssl-dir=/usr' '--with-pic' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-xsl=/opt/xslt/' '--with-zlib' '--with-zlib-dir=/usr' '--with-openssl=/usr' '--with-mysql' '--with-mysqli' '--with-pgsql' '--with-sqlite=shared' '--enable-pdo=shared' '--with-pdo-sqlite=shared' '--with-pdo-mysql=shared' '--with-pdo-pgsql=shared' '--with-magickwand=/usr/local/bin'

You can check other relevant settings here:
http://liway.com/test.php

For reference, here is the screenshot of the exact error message which one of the accounts is getting, which shows the open_basedir setting being composed of weird characters.
http://img75.imageshack.us/img75/6261/screenshot1a.png

The situation involves phpbb3 trying to include parts of itself, so I am confident that it should be allowed, as it's in the same directory or close directories within a single account home folder.

The second screenshot is of the relevant open_basedir setting in the httpd.conf file. I have checked the settings against those in the virtual hosts of other accounts where open_basedir works without errors, and I can confirm that they are absolutely identical (apart from the actual home directory).
http://img75.imageshack.us/img75/626/screenshot2w.png

Needless to say, this is a very serious issue, as open_basedir is an extremely important security measure for those of us who don't run suPHP, and now it is impossible to use it because of these problems.

I'm available daily for testing, hope this bug report will get some new attention for developers.

Cheers

Previous Comments:
------------------------------------------------------------------------

[2009-07-30 13:19:21] tobias dot rausch at web dot de

I'm expecting the same problem with Suse, Apache2 and PHP5.3. I configured open_basedir correctly in vhost.conf and included these conf files into httpd.include. I think it is really strange because if you reload a page, sometimes the error changes or it even disappears for some reason.. I had this type of the error only due to some reloads:

1. Warning: Unknown: open_basedir restriction in effect. File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php) is not within the allowed path(s): (¢¶/www/vhosts/myrausch.de/httpdocs) in Unknown on line 0

2. Warning: Unknown: open_basedir restriction in effect. File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php) is not within the allowed path(s): (p. ) in Unknown on line 0

3. Warning: Unknown: open_basedir restriction in effect. File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php) is not within the allowed path(s): (de-de,de;q=0.8,en-us;q=0.5,en;q=0.3) in Unknown on line 0

The third one is really strange because it seems to me that the open_basedir paths look like some language codes?!

------------------------------------------------------------------------

[2009-07-30 02:15:50] brwarner at rogers dot com

Sorry, I didn't know I had to change it to "open," this is my first bug report. This bug still happens to me, and it gets annoying especially when javascript is used to load other pages for information - as then javascript has a bunch of errors making the page appear wrong as opposed to even showing an error message.

------------------------------------------------------------------------

[2009-07-29 20:38:38] ninzya at inbox dot lv

I hit this bug quite frequently. I have noticed that it occurs after some time while apache is running, even if you don't actually request any pages. You can leave apache working for an hour, or two, and then request any php file - the result is this bug. Maybe it is somehow connected to PHP operations it does periodically (GC or something). One thing is clear - open_basedir's path (string it is referring to) is being corrupted and memory overwritten. Either it is done by overwriting this memory, or by change of memory location open_basedir's string ptr is pointing to.

------------------------------------------------------------------------

[2009-07-26 07:17:07] duchesne7 at gmail dot com

I confirm this bug under Fedora 11 x64 with Apache 2.2.10 and PHP 5.3.0 (also tried last SVN with no luck). Seems to be some sort of memory corruption since I sometimes see HTTP headers in the allowed paths, like:

File(/home/cpanel/index.php) is not within the allowed path(s): (ww\tX-Powered-By: P) in Unknown on line 0

It happens whenever open_basedir is modified at runtime (either with php_admin_value in httpd.conf or with an extension that I use which resets open_basedir according to regex rules before script execution.)

------------------------------------------------------------------------

[2009-07-25 16:06:26] server at grow-werbeagentur dot de

Confirm this Bug. Still persists with 200907251430 went back to 5.2.10 now, cause this is very annoying.. The weird thing though is, that I tested the 5.3.0 release on our dev server first with no errors at all but when installing it on our production servers, which are configured exactly the same as our dev, I get this random open_basedir error.. weird..

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/48880
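
Added example (not part of the bug report or of PHP itself): a log triage check that separates ordinary open_basedir denials from the corrupted ones described in the comments above, by testing whether the reported allowed path(s) still look like a path list. It assumes a Unix ":" separator and ASCII-only configured paths; the function names and the last sample line are constructed for illustration.

```python
import re

# PHP's open_basedir warning; captures the denied file and the allowed path(s) as reported.
WARNING_RE = re.compile(
    r"open_basedir restriction in effect\. "
    r"File\((?P<file>.*?)\) is not within the allowed path\(s\): "
    r"\((?P<allowed>.*)\) in "
)

def entry_is_plausible(entry):
    """Assumption: a sane entry is '.' or an absolute path of printable ASCII."""
    if entry == ".":
        return True
    return entry.startswith("/") and all(0x20 <= ord(c) < 0x7F for c in entry)

def classify(line, separator=":"):
    """Return None for unrelated lines, else (file, allowed, corrupted)."""
    match = WARNING_RE.search(line)
    if match is None:
        return None
    allowed = match.group("allowed")
    entries = [e for e in allowed.split(separator) if e]
    corrupted = not entries or not all(entry_is_plausible(e) for e in entries)
    return match.group("file"), allowed, corrupted

def corrupted_warnings(lines):
    """Keep only warnings whose allowed path(s) do not parse as a path list."""
    hits = []
    for line in lines:
        result = classify(line)
        if result is not None and result[2]:
            hits.append(result[:2])
    return hits

def _warning(allowed):
    # Builds a sample log line in the format quoted in the comments.
    return ("Warning: Unknown: open_basedir restriction in effect. "
            "File(/home/cpanel/index.php) is not within the allowed path(s): "
            "(" + allowed + ") in Unknown on line 0")

# First four allowed values are the ones quoted in the comments; the last is constructed.
SAMPLE_LINES = [
    _warning("¢¶/www/vhosts/myrausch.de/httpdocs"),
    _warning("p. "),
    _warning("de-de,de;q=0.8,en-us;q=0.5,en;q=0.3"),
    _warning(r"ww\tX-Powered-By: P"),
    _warning("/home/example/public_html:/usr/lib/php:/tmp"),  # constructed, healthy
]

if __name__ == "__main__":
    for denied_file, allowed in corrupted_warnings(SAMPLE_LINES):
        print("corrupted open_basedir value %r while opening %s" % (allowed, denied_file))
```

A denial whose allowed path(s) parse cleanly is the restriction working as configured; one that does not parse indicates the setting itself was damaged in the serving process.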