Edit report at http://bugs.php.net/bug.php?id=54110&edit=1
ID: 54110
Updated by: paj...@php.net
Reported by: carsten_sttgt at gmx dot de
Summary: tsrm_realpath_r and junction point with denied read
access
-Status: Feedback
+Status: Assigned
Type: Bug
Package: Filesystem function related
Operating System: Windows
PHP Version: Irrelevant
-Assigned To:
+Assigned To: pajoye
Block user comment: N
Private report: N
New Comment:
It is not only about windows (sometimes very confusing) ways to
configure ACL but portability in the way permissions or what we allow or
not work.
I'm also not sure that what you proposed does not break more that what
it solves.
I will double check that later in March.
Previous Comments:
------------------------------------------------------------------------
[2011-02-27 16:58:33] carsten_sttgt at gmx dot de
> Junction does work very well.
You have tested this?
| mklink test1 nonexistent
| mklink /j test2 nonexistent
| php -r "var_dump(realpath('test1'));"
| php -r "var_dump(realpath('test2'));"
What did you expect? (You can also test it with the sample exe below)
> We had similar cases where someone wanted to access stat
> info from an unreadable file.
It's a difference, if generic read access is denied, or data read
access. This still allows me to other things with an object, e.g reading
attributes or permissions...
> I'm somehow not convinced that we should allow that now.
PHP can't allow me, what is not allowed/possible from the ACL. It's just
working wrong in this piece of code. Because:
- I have full rights on e.g. test1\test.php
- But PHP don't let me do anything with this file
That's just wrong.
Maybe we should think about what this function tsrm_realpath_r is doing.
It's just resolving a relative path to an absolute one. And it's testing
if the target exists. Nothing else. It's something like:
| #include <windows.h>
| #include <tchar.h>
| #include <stdio.h>
|
| void _tmain(int argc, TCHAR *argv[]) {
| HANDLE hFile;
| TCHAR buffer[MAX_PATH]=TEXT("");
|
| if (GetFullPathName(argv[1], MAX_PATH, buffer, NULL)) {
| hFile = CreateFile(
| buffer, 0, 0, NULL, OPEN_EXISTING,
| FILE_FLAG_BACKUP_SEMANTICS, NULL
| );
| if (hFile != INVALID_HANDLE_VALUE) {
| _tprintf(TEXT("The full path name is: %s\n"), buffer);
| CloseHandle(hFile);
| exit(EXIT_SUCCESS);
| }
| }
| _tprintf(TEXT("GetFullPathName failed (%d)\n"), GetLastError());
| exit(EXIT_FAILURE);
| }
(ok, this simple example does not resolve the final pathname from a
symlink)
Such a function must not have GENERIC_READ as DesiredAccess, because it
doesn't want read any data from any object. Especially it doesn't know
what I want do with this file(name) at another place. The final access
control and opening the handle for the real work is done at another
place.
And of course. If generic access is denied from the ACL, CreateFile with
"0" also fail. (you can't do things which are not allowed...)
------------------------------------------------------------------------
[2011-02-27 15:24:15] paj...@php.net
I don't agree. Junction does work very well.
The exact case you are using may not work but I'm somehow not convinced
that we
should allow that now. We had similar cases where someone wanted to
access stat
info from an unreadable file.
------------------------------------------------------------------------
[2011-02-27 12:54:20] carsten_sttgt at gmx dot de
> I'm not sure your diagnostic is correct.
It's no problem to do a:
echo foo>test\test.txt
but it's not possible to do a:
php -r "file_put_contents('test/test.txt', 'foo');"
"dir test" is not possible because "list directory" is denied. (This
deny is only for the junction object itself (only this dir), but not for
objects inside the junction target.)
Thus, "md test1\test2 && dir test\test2" would work.
> Junction or links are supported and work well.
Well, it's working with a symlink, but not with a junction point.
BTW: realpath() on a non existent junction target is also not working as
expected. The output is the name of non existent junction point target.
With a non existent symlink it's the expected false.
------------------------------------------------------------------------
[2011-02-27 12:18:11] paj...@php.net
Keeping in mind that PHP does not allow one to access data if it does
not have the
permission to do it (like reading meta outside openbasedir, or similar
cases).
------------------------------------------------------------------------
[2011-02-27 12:15:46] paj...@php.net
I'm not sure your diagnostic is correct. Junction or links are supported
and work
well. Is /deny RD not about denying read data/list directory? Then why
should we
do it?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=54110
--
Edit this bug report at http://bugs.php.net/bug.php?id=54110&edit=1
