Bug #51860 [Fbk->Opn]: Include fails with toplevel symlink to /

stephan dot suerken at 1und1 dot de Fri, 21 May 2010 04:05:20 -0700

Edit report at http://bugs.php.net/bug.php?id=51860&edit=1


 ID:              51860
 User updated by: stephan dot suerken at 1und1 dot de
 Reported by:     stephan dot suerken at 1und1 dot de
 Summary:         Include fails with toplevel symlink to /
-Status:          Feedback
+Status:          Open
 Type:            Bug
 Package:         Reproducible crash
 PHP Version:     5.3.2

 New Comment:

>[2010-05-20 10:14 UTC] m...@php.net



>You think anybody's goind to untar something in his root AS root?



Well...yes ;). Look at the tarball first, it's harmless.



>Please provide some proper steps to reproduce, thank you.



I could not find another way to reproduce it (yet) but in /; the tarball
seems to be the easiest way to make someone else reproduce it.



Thx,



Stephan


Previous Comments:
------------------------------------------------------------------------
[2010-05-21 12:06:35] the...@php.net

1) Create a symlink in / to /

r...@thekid:/ > ln -s / phptest

r...@thekid:/ > ls -al /phptest

lrwxr-xr-x  1 root  wheel  1 May 21 10:40 /phptest -> /



2) Verify

r...@thekid:/ > echo "OK" > /phpfile

r...@thekid:/ > php -r 'include("/phptest/phpfile");'



Expected result: "OK"



3) Clean up

r...@thekid:/ > rm /phptest /phpfile



You need to be root because you're working in /, that's it:)

------------------------------------------------------------------------
[2010-05-20 14:14:47] m...@php.net

You think anybody's goind to untar something in his root AS root?

Please provide some proper steps to reproduce, thank you.

------------------------------------------------------------------------
[2010-05-19 16:46:20] stephan dot suerken at 1und1 dot de

Description:
------------
Tarball: http://stephan-suerken.de/tmp/php53include.tar.gz



Hi,



with a certain directory setup (symlink pointing to /, see file tree in
php53include.tar.gz) plus script call syntax (see scripts "ok" and
"fail" scripts in tarball), including a file meekly fails.



I have not completely debugged it, but afaics "php_resolve_path" fails
were it should not; I suspect some of the "canonize path" functions
wrongly give an error here.



Thanks,



Stephan

Test script:
---------------
Steps to reproduce:



1. Download: http://stephan-suerken.de/tmp/php53include.tar.gz

[as root]

2. cd /

3. tar xfz php53include.tar.gz

4. /phptest/fail



Expected result:
----------------
# manwe(CHROOT:sid-ui): /phptest

# root? ./ok 

/phpinclude/inc123.php: OK, INCLUDED





Actual result:
--------------
# manwe(CHROOT:sid-ui): /phptest

# root? ./fail

PHP Warning:  require(/phplink/phpinclude/inc123.php): failed to open
stream: No such file or directory in /phptest/test.php on line 2

PHP Fatal error:  require(): Failed opening required
'/phplink/phpinclude/inc123.php'
(include_path='.:/usr/share/php:/usr/share/pear') in /phptest/test.php
on line 2






------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=51860&edit=1

Bug #51860 [Fbk->Opn]: Include fails with toplevel symlink to /

Reply via email to