ID:               48880
 Updated by:       ras...@php.net
 Reported By:      brwarner at rogers dot com
-Status:           Open
+Status:           Closed
 Bug Type:         Safe Mode/open_basedir
 Operating System: *
 PHP Version:      5.3SVN-2009-07-27 (snap)
 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------

[2009-07-31 21:09:46] s...@php.net

Automatic comment from SVN on behalf of rasmus
Revision: http://svn.php.net/viewvc/?view=revision&revision=286602
Log: Fix bug #48880
The ini entry was being corrupted because it wasn't being set
on the ACTIVATE and DEACTIVATE stages.

------------------------------------------------------------------------

[2009-07-31 03:34:00] starcraftmazter at gmail dot com

I think this bug is closely related to 48744
http://bugs.php.net/bug.php?id=48744

To say what I said in the other bug report,

I can confirm that I have a very similar issue. I have been running PHP
with open_basedir for quite some time. I upgraded to PHP 5.3.0 recently,
previously having run PHP 5.2.5. Immediately after installing the newly
compiled version, the issues began.

The problem, as I experience it, is that the "open_basedir" setting seems
to be composed of random, non-latin1 characters (displayed as symbols by
the browser). I cannot draw any reasons as to which users are affected
by this or why, but it does not happen to everyone - it is seemingly
random.

I am using CentOS 5.3 with the latest cPanel 11 on CURRENT which manages
the open_basedir. I am using Apache 2.2.6.

My compile string is as follows;

'./configure' '--prefix=/usr/local'
'--with-apxs2=/usr/local/apache/bin/apxs' '--enable-bcmath'
'--enable-calendar' '--enable-exif' '--enable-ftp'
'--enable-gd-native-ttf' '--enable-libxml' '--enable-mbstring'
'--enable-soap' '--enable-sockets' '--enable-zip' '--with-bz2'
'--with-curl=/opt/curlssl/' '--with-curlwrappers'
'--with-freetype-dir=/usr' '--with-gd' '--with-gettext'
'--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr'
'--with-jpeg-dir=/usr' '--with-kerberos' '--with-libdir=lib64'
'--with-libxml-dir=/opt/xml2' '--with-libxml-dir=/opt/xml2/'
'--with-mcrypt=/opt/libmcrypt/' '--with-mhash=/opt/mhash/'
'--with-openssl-dir=/usr' '--with-pic' '--with-png-dir=/usr'
'--with-xpm-dir=/usr' '--with-xsl=/opt/xslt/' '--with-zlib'
'--with-zlib-dir=/usr' '--with-openssl=/usr' '--with-mysql'
'--with-mysqli' '--with-pgsql' '--with-sqlite=shared'
'--enable-pdo=shared' '--with-pdo-sqlite=shared'
'--with-pdo-mysql=shared' '--with-pdo-pgsql=shared'
'--with-magickwand=/usr/local/bin'

You can check other relevant settings here:
http://liway.com/test.php

For reference, here is the screenshot of the exact error message which
one of the accounts is getting, which shows the open_basedir setting
being composed of weird characters.
http://img75.imageshack.us/img75/6261/screenshot1a.png
The situation involves phpbb3 trying to include parts of itself, so I am
confident that it should be allowed, as it's in the same directory or
close directories within a single account home folder.

The second screenshot is of the relevant open_basedir setting in the
httpd.conf file. I have checked the settings against those in the
virtual hosts of other accounts where open_basedir works without errors,
and I can confirm that they are absolutely identical (apart from the
actual home directory).
http://img75.imageshack.us/img75/626/screenshot2w.png

Needless to say, this is a very serious issue, as open_basedir is an
extremely important security measure for those of us who don't run
suPHP, and now it is impossible to use it because of these problems.

I'm available daily for testing, hope this bug report will get some new
attention from developers.

Cheers

------------------------------------------------------------------------

[2009-07-30 13:19:21] tobias dot rausch at web dot de

I'm expecting the same problem with Suse, Apache2 and PHP 5.3.
I configured open_basedir correctly in vhost.conf and included these
conf files into httpd.include.
I think it is really strange because if you reload a page, sometimes
the error changes or it even disappears for some reason..
I had this type of the error only due to some reloads:
1. Warning: Unknown: open_basedir restriction in effect.
File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php)
is not within the allowed path(s):
(¢­¶/www/vhosts/myrausch.de/httpdocs) in Unknown on line 0

2. Warning: Unknown: open_basedir restriction in effect.
File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php)
is not within the allowed path(s): (p.—… ) in Unknown on line 0

3. Warning: Unknown: open_basedir restriction in effect.
File(/srv/www/vhosts/myrausch.de/subdomains/ba/httpdocs/ipboard/admin/upgrade/index.php)
is not within the allowed path(s): (de-de,de;q=0.8,en-us;q=0.5,en;q=0.3)
in Unknown on line 0

The third one is really strange because it seems to me that the
open_basedir paths look like some language codes?!
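
An added example, not part of the original comment or of PHP itself: a log check that flags open_basedir warnings whose "allowed path(s)" value is not a plausible path list, which is the symptom shown in the three warnings above. The function names, sample host and paths are assumptions made for illustration, and the printable-ASCII test is a heuristic that would also flag legitimately non-ASCII directory names.

```python
import re

# Shape of the open_basedir warning quoted in the comment above.
WARNING_RE = re.compile(
    r"open_basedir restriction in effect\. File\((?P<file>.*?)\) "
    r"is not within the allowed path\(s\): \((?P<allowed>.*)\) "
    r"in .+? on line \d+"
)

def entry_problem(entry):
    """Return why one allowed-path entry is implausible, or None if it looks sane."""
    if not entry:
        return "empty entry"
    if not entry.startswith("/"):
        return "not an absolute path"
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in entry):
        return "non-printable or non-ASCII bytes"
    return None

def scan(lines, expected=None):
    """Return (line_no, allowed, reasons) for warnings whose allowed list looks corrupted.

    expected is the open_basedir value configured for the vhost, if known.
    """
    findings = []
    for no, line in enumerate(lines, 1):
        m = WARNING_RE.search(line)
        if not m:
            continue
        allowed = m.group("allowed")
        # Assumption: Unix-style ':' separator, as in the paths on this page.
        reasons = sorted({r for r in map(entry_problem, allowed.split(":")) if r})
        if not reasons and expected is not None and allowed != expected:
            reasons = ["differs from configured value"]
        if reasons:
            findings.append((no, allowed, reasons))
    return findings

# Constructed sample log lines (paths and host are made up; the second
# allowed value is the language-code string reported above).
_FMT = ("PHP Warning:  Unknown: open_basedir restriction in effect. File({}) "
        "is not within the allowed path(s): ({}) in {} on line 0")
SAMPLE = [
    _FMT.format("/home/alice/www/index.php", "\u00a2\u00ad\u00b6/www/vhosts/example.test", "Unknown"),
    _FMT.format("/home/alice/www/index.php", "de-de,de;q=0.8,en-us;q=0.5,en;q=0.3", "Unknown"),
    _FMT.format("/etc/passwd", "/home/alice:/tmp", "/home/alice/www/a.php"),
    "[notice] unrelated line",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE, expected="/home/alice:/tmp"):
        print(finding)
```

The third sample line is an ordinary, correct denial and is not reported; only the first two, where the restriction itself is unreadable, are flagged.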

------------------------------------------------------------------------

[2009-07-30 02:15:50] brwarner at rogers dot com

Sorry, I didn't know I had to change it to "open," this is my first bug
report.
This bug still happens to me, and it gets annoying especially when
javascript is used to load other pages for information - as then
javascript has a bunch of errors making the page appear wrong as opposed
to even showing an error message.

------------------------------------------------------------------------

[2009-07-29 20:38:38] ninzya at inbox dot lv

I hit this bug quite frequently. I have noticed that it occurs after
some time while apache is running, even if you don't actually request
any pages. You can leave apache working for an hour, or two, and then
request any php file - the result is this bug. Maybe it is somehow
connected to PHP operations it does periodically (GC or something).

One thing is clear - open_basedir's path (string it is referring to) is
being corrupted and memory overwritten. Either it is done by overwriting
this memory, or by change of memory location open_basedir's string ptr
is pointing to.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/48880

-- 
Edit this bug report at http://bugs.php.net/?id=48880&edit=1
