Edit report at https://bugs.php.net/bug.php?id=53275&edit=1
ID: 53275 Updated by: fel...@php.net Reported by: dr dot cyberowl at gmail dot com Summary: dynamic loading bug related with CVE-2010-3847 -Status: Open +Status: Bogus Type: Bug Package: Dynamic loading Operating System: Linux PHP Version: 5.3.3 Block user comment: N Private report: N New Comment: Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. Previous Comments: ------------------------------------------------------------------------ [2010-11-09 10:46:42] dr dot cyberowl at gmail dot com Description: ------------ I'm running apache with setuid as root. When I convert string from euc-kr to utf-8 through iconv, I met next message. iconv(): Wrong charset, conversion from 'EUC-KR' to 'UTF-8' is now allowed after some google. I found solution. This problem caused by security patch on glibc ld.so dynamic linker. http://www.securityfocus.com/bid/44154 glibc-2.11 and over has patched. so you can produce same results. Test code <? $test='adasdasd'; echo iconv('euc-kr', 'utf-8', $test); ?> Here are some strace results. 1. with plain php cli binary ------------ CLIP ----------------- futex(0xb73aca8c, FUTEX_WAKE_PRIVATE, 2147483647) = 0 open("/usr/lib/gconv/EUC-KR.so", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\4\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=13624, ...}) = 0 mmap2(NULL, 12316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb722f000 mmap2(0xb7231000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb7231000 close(3) = 0 open("/usr/lib/gconv/tls/i686/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls/i686/sse2/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/tls/i686/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls/i686/sse2", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/tls/i686/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls/i686/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/tls/i686/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls/i686", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/tls/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls/sse2/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/tls/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls/sse2", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/tls/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/tls/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/tls", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/i686/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/i686/sse2/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/i686/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/i686/sse2", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/i686/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/i686/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/i686/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/i686", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/sse2/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/sse2", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) stat64("/usr/lib/gconv/cmov", 0xbf9d912c) = -1 ENOENT (No such file or directory) open("/usr/lib/gconv/libKSC.so", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \4\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=46384, ...}) = 0 mmap2(NULL, 49172, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7222000 mmap2(0xb722d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0xb722d000 close(3) = 0 mprotect(0xb722d000, 4096, PROT_READ) = 0 mprotect(0xb7231000, 4096, PROT_READ) = 0 ------------ CLIP ----------------- 2. with php cli binary setuided as root (run as normal user) ------------ CLIP ----------------- futex(0xb7469a8c, FUTEX_WAKE_PRIVATE, 2147483647) = 0 open("/usr/lib/gconv/EUC-KR.so", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\4\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=13624, ...}) = 0 mmap2(NULL, 12316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72ec000 mmap2(0xb72ee000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb72ee000 close(3) = 0 open("$ORIGIN/tls/i686/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/tls/i686/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/tls/i686/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/tls/i686/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/tls/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/tls/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/tls/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/tls/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/i686/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/i686/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/i686/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/i686/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/sse2/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/sse2/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/cmov/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("$ORIGIN/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/home/betmaster/apps/mysql/lib/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=16316, ...}) = 0 mmap2(NULL, 16316, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb72e8000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libKSC.so", O_RDONLY) = -1 ENOENT (No such file or directory) ------------ CLIP ----------------- ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=53275&edit=1
