ID: 20190 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Apache related Operating System: FreeBSD PHP Version: 4.3.0-dev New Comment:
hi all, I think I can now even provide more information ... :-) $path beeing wrong does relate from a wrong include_path. It looks like if the apache child has proceeded a request from a webserver with include_path or safe_mode_include_dir set, these are still there. If now a virtual server without these admin values is called, we fail. Looks to me like these variables are not properly initialized and still contain their old values. Of course the openbasedir checks then against the wrong include path and there we are :-( I'll look if I can really find the bug and fix it. Martin Previous Comments: ------------------------------------------------------------------------ [2002-10-31 17:09:40] [EMAIL PROTECTED] I have tried to do workarounds earlier. But it seems that this one here now has solved both issues, the wrong random "basedir message" and the segfaults I encountered with my first two patches. http://people.freebsd.org/~mbr/patches/patch-main+fopen_wrappers.c The solution is quite easy. In the onyl case where the error happens, zend_get_executed_filename() is correct. and can be used. Since the error happens on perfect legitimate requests, which work most of the time, I don't think this is a security risk. If no executed filename is set, I set $newpath to a empty string. Note that this is a workaround only. And I print the errors to syslog, since I can watch that easier. ------------------------------------------------------------------------ [2002-10-31 16:34:24] [EMAIL PROTECTED] It looks to me that $path is composed somewhere. And a the old basedir entry was not overwritten correctly. So $path is $basedir + $called phpfile and the $basedir is plain wrong. Some hint where this happens ? ------------------------------------------------------------------------ [2002-10-31 16:24:52] [EMAIL PROTECTED] Sorry ... >There is no "/www/doc/www.bbb.imp.ch-80/html/visions/php" >exists, but this is a different customer. This should be: There is a dir "/www/doc/www.bbb.imp.ch-80 ..." but this is a different customer. ------------------------------------------------------------------------ [2002-10-31 16:23:17] [EMAIL PROTECTED] This is a example: Correct: PG(open_basedir)=/www/doc/www.aaa.ch-80, Correct: zend_get_executed_filename() = /www/doc/www.aaa.ch-80/index.php, Wrong: path=/www/doc/www.bbb.imp.ch-80/html/visions/php//ueberuns/mannschaft.php There is no "/www/doc/www.bbb.imp.ch-80/html/visions/php" exists, but this is a different customer. The correct filename would be: "/www/doc/www.aaa.ch-80/ueberuns/mannschaft.php" Also note the two "//" slashes ... ------------------------------------------------------------------------ [2002-10-31 16:15:42] [EMAIL PROTECTED] Ok, I think I'm a bit smarter now. zend_get_executed_filename() can only be used if zend_is_executing(TSRMLS_C) is true. That explains the uninitialisized values there. If I do a check for this, the errors go away and the segfaults are gone. Buth $path can still point to a wrong virtual server. That happens in 1/500 requests, and the thing is random. I try to solve this now. Martin ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/20190 -- Edit this bug report at http://bugs.php.net/?id=20190&edit=1