Edit report at http://bugs.php.net/bug.php?id=54110&edit=1
ID: 54110
Comment by: carsten_sttgt at gmx dot de
Reported by: carsten_sttgt at gmx dot de
Summary: tsrm_realpath_r and junction point with denied read
access
Status: Feedback
Type: Bug
Package: Filesystem function related
Operating System: Windows
PHP Version: Irrelevant
Block user comment: N
Private report: N
New Comment:
> I'm not sure your diagnostic is correct.
It's no problem to do a:
echo foo>test\test.txt
but it's not possible to do a:
php -r "file_put_contents('test/test.txt', 'foo');"
"dir test" is not possible because "list directory" is denied. (This
deny is only for the junction object itself (only this dir), but not for
objects inside the junction target.)
Thus, "md test1\test2 && dir test\test2" would work.
> Junction or links are supported and work well.
Well, it's working with a symlink, but not with a junction point.
BTW: realpath() on a non existent junction target is also not working as
expected. The output is the name of non existent junction point target.
With a non existent symlink it's the expected false.
Previous Comments:
------------------------------------------------------------------------
[2011-02-27 12:18:11] paj...@php.net
Keeping in mind that PHP does not allow one to access data if it does
not have the
permission to do it (like reading meta outside openbasedir, or similar
cases).
------------------------------------------------------------------------
[2011-02-27 12:15:46] paj...@php.net
I'm not sure your diagnostic is correct. Junction or links are supported
and work
well. Is /deny RD not about denying read data/list directory? Then why
should we
do it?
------------------------------------------------------------------------
[2011-02-27 12:05:35] carsten_sttgt at gmx dot de
Description:
------------
tsrm_realpath_r is having a problem if working with/inside a junction
point and
"read data/list directory" is denied on this junction point.
That's the implementation for many common directories on Windows7/Vista
in e.g. %USERPROFILE%, %ALLUSERSPROFILE% like "%USERPROFILE%\SendTo".
The problem is a call to CreateFile with GENERIC_READ access in
tsrm_realpath_r. Well, the MSDN is writing:
> If this parameter is zero, the application can query certain metadata
> such as file, directory, or device attributes without accessing that
> file or device, even if GENERIC_READ access would have been denied.
I think "zero" is save at this point and that's what I'm doing in my
patch.
Regards,
Carsten
Test script:
---------------
in the shell:
md test1
mklink /j test test1
icacls test /deny *S-1-1-0:(rd)
php -r "var_dump(realpath('test'));"
php -r "var_dump(fopen('test/test.txt', 'w'));"
Expected result:
----------------
string(31) "C:\Users\Public\Documents\test1"
resource(5) of type (stream)
Actual result:
--------------
bool(false)
Warning: fopen(test/test.txt): failed to open stream: No such file or
directory
in Command line code on line 1
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54110&edit=1
