#31323 [Com]: session file permissions differ randomly

[bclaydon at volved dot com]

 ID:               31323
 Comment by:       bclaydon at volved dot com
 Reported By:      julien dot mathieu at gmail dot com
 Status:           No Feedback
 Bug Type:         Session related
 Operating System: Linux
 PHP Version:      5.1.2, 4.3.9
 New Comment:

To provide further details, I am also using Debian (Sarge) with the
latest 4.3.10-16 PHP4 package.

My /var/liv/php4 looks exactly as 'pieter at q-go dot com' mentioned:

drwx-wx-wt   2 root     root     4.0K 2006-11-04 18:58 ./
drwxr-xr-x  35 root     root     4.0K 2006-09-08 19:11 ../
-rw-------   1 www-data www-data   77 2006-11-04 18:58
sess_7b8da94a2febce75775d9082cd20d58d
-rw-------   1 www-data www-data  116 2006-11-04 19:05
sess_856401c969cc1d4e68b6ffd75457c743
-rw-------   1 www-data www-data  116 2006-11-04 18:58
sess_b5419618a3586b7e3b940a0eaf137fb9
-rw-------   1 www-data www-data  116 2006-11-04 19:09
sess_f7d957b726ff923b4b1f6178f8db489f


I am seeing this issue fairly frequently during usage of CakePHP
framework which has fairly detailed usage of session functions.

I hope this is resolved at some point, especially if it is still open
as of 5.2.0


Previous Comments:
------------------------------------------------------------------------

[2006-05-22 09:20:29] pieter at q-go dot com

We have similar problems on Debian with PHP 5.1.2 and 5.1.4.

Sessions are all created with correct permissions, but we get the same
permission denied error in 5% of the cases.

drwx-wx-wt   2 root     root     4096 May 22 11:03 .
drwxr-xr-x  27 root     root     4096 May 18 13:44 ..
-rw-------   1 www-data www-data    0 May 22 11:03
sess_11f06ca5b4701f4be8be30b275e4e51e
-rw-------   1 www-data www-data 1569 May 22 11:00
sess_1856e3c4630f074a1b0490c4792c3e53
-rw-------   1 www-data www-data    0 May 22 10:21
sess_d110fb48e440d1ec4ac610243e897c69
-rw-------   1 www-data www-data 1717 May 22 11:05
sess_f9668179e8a92714f4d9553504bdcd93

Changing the default Debian permissions on /var/lib/php5 from
drwx-wx-wt to drwxrwxrwt seems to help.

I am putting this here because if the two cases are related, the
problem might be more general.

------------------------------------------------------------------------

[2006-03-28 13:15:10] [EMAIL PROTECTED]

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.



------------------------------------------------------------------------

[2006-03-21 19:02:31] jd at godaddy dot com

I should note that after we cleaned all of the sess_* files in /tmp,
the problem seems to have gone away (at least for the moment).  Why are
future PHP session file permissions being corrupted by preexisting
session files?  Is there possibly a buffer overflow possible in the
session files, where perhaps a corrupted session file can clobber these
pages?

------------------------------------------------------------------------

[2006-03-21 17:35:39] jd at godaddy dot com

We're seeing this with PHP 4.4.1 and Zend Platform v2.1.0 when using
phpMyAdmin.

Check out these permissions

-rwxr-xr-x    1 nobody   nobody      15187 Mar 16 12:06
sess_0834d5863159f74b560ee4c64fab1eb5
-rwxrwxrwx    1 nobody   nobody          0 Mar 21 09:29
sess_243458755660a3b6be9cd416c67bb7e7
-rwxrwxrwx    1 nobody   nobody      15186 Mar 15 12:20
sess_435fad9a208051008e0efa69bd1d6fc7
-rwxrwxrwx    1 root     root            0 Mar 21 09:25
sess_47957086e32d77933e6fd8a1dc63e1f7
-rwx--x--T    1 nobody   nobody      15187 Mar 15 12:54
sess_7b9a5a1840f81a13e86c0ae8ced7ff7a
-rwx--x--T    1 nobody   nobody      15187 Mar 15 12:44
sess_9bedbfafd824c4a3495e7e36070daaca
-rwxr-xr-x    1 nobody   nobody      15191 Mar 13 16:55
sess_b01db0867b79aa251c20356e519cac8b
-rwx--x--T    1 nobody   nobody      15187 Mar 15 15:06
sess_ec5699d9df2be07f8c06c4676230c3de
-rwx--x--T    1 nobody   nobody      15191 Mar 15 11:47
sess_fb0e71df00e24b1b6d22b771fb4c7281

------------------------------------------------------------------------

[2006-02-07 11:15:11] julien dot mathieu at gmail dot com

I work now with the 5.1.2 version. The problem still occurs.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/31323

-- 
Edit this bug report at http://bugs.php.net/?id=31323&edit=1