ID: 41899 Updated by: [EMAIL PROTECTED] -Reported By: geoffwa at cs dot rmit dot edu dot au +Reported By: [EMAIL PROTECTED] -Status: Assigned +Status: Feedback Bug Type: Streams related Operating System: Solaris 10 PHP Version: 5.2.3 -Assigned To: tony2001 +Assigned To: ab5602 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi Try the latest CVS snapshot. Fixed the 41822 bug, which I feel is probably the same. Previous Comments: ------------------------------------------------------------------------ [2007-09-17 09:48:37] ian at onlineloop dot com Unfortunately we are not in a position to wither wait for PHP6 nor immediately migrate to it when it does come out. We have too many users with too many scripts on our server, and telling over 800 people that they have to adjust their scripts in less than 6 months just doesn't work here :-( With the continuing failure to fix this bug, we are left in a very uncomfortable situation, either continue with the security hole loaded 5.1.6, or apply the patch you offered. No one from the PHP project has logged into the system we set up for them on an E3500 since 5 July 2007 either, so I'm really left wondering about the seriousness there is to actually fix this bug. Anyway, I have seen from the source for PHP that realpath is definately not a function from Sun. realplath is all from the PHP project itself, so the attempt to shovel off the blame to Sun (post from 6 Jul 3:16pm) is not justifiable. Besides, this all worked just fine up until PHP 5.2.0 came out... ------------------------------------------------------------------------ [2007-09-13 01:56:00] geoffwa at cs dot rmit dot edu dot au I'll stress again that while the patch may work, I'm not sure if it's 'correct' or not, mainly because I have no idaa what php_checkuid_ex() is supposed to return, safe_mode-isms like open_basedir may need it. I just traced the execution of the offending PHP script repeatedly for the failure case, and deduced that the expand_filepath() call in php_checkuid_ex() that I've removed in the patch was returning an empty path under similar conditions to where a getcwd() call would fail. The actual path blatting appeared to occur in virtual_file_ex(), and we produced a separate patch which completely short-circuited this function and also made the all test conditions work. Given that PHP6 is removing safe_mode completely, I imagine this problem will hopefully be fixed then :) ------------------------------------------------------------------------ [2007-09-12 11:53:14] ian at onlineloop dot com I've tried the patch offered by Geoff. It seems to work just fine for us too in the cvs version from today (php5.2-200709121030). ------------------------------------------------------------------------ [2007-09-12 10:38:34] ian at onlineloop dot com Verified that this is still not working in 5.2.4. We made a system available on a Sun E3500, partially for the purposes of fixing this bug. The last login from anyone from the PHP team was on 5 July 2007. Is there any time plan to fix this bug? We are running on Solaris 10 and are stuck on PHP 5.1.6 because of this problem, so the situation for us is critical. ------------------------------------------------------------------------ [2007-08-14 15:21:39] wdierkes at 5dollarwhitebox dot org I have verified that this is *NOT* fixed in the latest CVS snapshot. Tested on Redhat Enterprise Linux 4 i386. Can we can an ETA on an official patch? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/41899 -- Edit this bug report at http://bugs.php.net/?id=41899&edit=1