From:
Operating system: Linux
PHP version: 5.2.13
Package: Safe Mode/open_basedir
Bug Type: Bug
Bug description: PHP lstat problem
Description:
------------
PHP lstats the full pathname many times (at least 4) before reading the file
it is looking for.
This behavior appears when PHP_ADMIN_VALUE open_basedir is specified in the
Apache httpd configuration or safe_mode is On.
Test script:
---------------
To reproduce the problem, please create a page phpinfo.php: "<? phpinfo() ?>".
I have httpd 2.2.15, PHP 5.2.13.
[r...@svilpar4 ~]# /usr/local/apache2/bin/httpd -V
Server version: Apache/2.2.15 (Unix)
Server built: Jul 9 2010 17:30:06
Server's Module Magic Number: 20051115:24
Server loaded: APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
[r...@svilpar4 ~]# /usr/local/php5.2.13/bin/php -v
PHP 5.2.13 (cli) (built: Jul 1 2010 16:02:03)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
Now we specify PHP_ADMIN_VALUE open_basedir in the virtual host
configuration:
<Directory "/usr/local/myspace/webspace/httpdocs">
PHP_ADMIN_VALUE open_basedir "/usr/local/myspace/webspace"
</Directory>
<VirtualHost *:80>
ServerName damorealt.xoom.it
DocumentRoot "/usr/local/myspace/webspace/httpdocs"
CustomLog /var/log/httpd/damorealt/access_log combined
ErrorLog /var/log/httpd/damorealt/error_log
</VirtualHost>
Stop and start Apache httpd, run "strace -f" on all httpd instances, and then
request the page http://damorealt.xoom.it/phpinfo.php, so we can reproduce the
behavior.
Expected result:
----------------
If PHP_ADMIN_VALUE open_basedir "/usr/local/myspace/webspace" is removed
and safe_mode is Off:
226235 accept(3, {sa_family=AF_INET, sin_port=htons(59366),
sin_addr=inet_addr("212.48.14.186")}, [17179869200]) = 15
26235 getsockname(15, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("151.99.197.198")}, [17179869200]) = 0
26235 fcntl(15, F_GETFL) = 0x2 (flags O_RDWR)
26235 fcntl(15, F_SETFL, O_RDWR|O_NONBLOCK) = 0
26235 read(15, "GET /phpinfo.php HTTP/1.0\r\nUser-"..., 8000) = 129
26235 gettimeofday({1278696735, 988799}, NULL) = 0
26235 stat("/usr/local/myspace/webspace/httpdocs/phpinfo.php",
{st_mode=S_IFREG|0644, st_size=16, ...}) = 0
26235 open("/usr/local/myspace/.htaccess", O_RDONLY) = -1 ENOENT (No such
file or directory)
26235 open("/usr/local/myspace/webspace/.htaccess", O_RDONLY) = -1 ENOENT
(No such file or directory)
26235 open("/usr/local/myspace/webspace/httpdocs/.htaccess", O_RDONLY) = -1
ENOENT (No such file or directory)
26235 open("/usr/local/myspace/webspace/httpdocs/phpinfo.php/.htaccess",
O_RDONLY) = -1 ENOTDIR (Not a directory)
26235 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={20, 0}}, NULL)
= 0
26235 rt_sigaction(SIGPROF, {0x2afef587dd80, [PROF],
SA_RESTORER|SA_RESTART, 0x3916e302d0}, {SIG_DFL, [], 0}, 8) = 0
26235 rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
26235 getcwd("/"..., 4095) = 2
26235 chdir("/usr/local/myspace/webspace/httpdocs") = 0
26235 time(NULL) = 1278696735
26235 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
26235 lstat("/usr/local", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
26235 lstat("/usr/local/myspace", {st_mode=S_IFDIR|0755, st_size=4096,
...}) = 0
26235 lstat("/usr/local/myspace/webspace", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
26235 lstat("/usr/local/myspace/webspace/httpdocs", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
26235 lstat("/usr/local/myspace/webspace/httpdocs/phpinfo.php",
{st_mode=S_IFREG|0644, st_size=16, ...}) = 0
And read the file.
26235 open("/usr/local/myspace/webspace/httpdocs/phpinfo.php", O_RDONLY) =
16
26235 fstat(16, {st_mode=S_IFREG|0644, st_size=16, ...}) = 0
26235 read(16, "<? phpinfo() ?>\n", 8192) = 16
26235 read(16, "", 8192) = 0
26235 read(16, "", 8192) = 0
26235 close(16) = 0
26235 uname({sys="Linux", node="svilpar4", ...}) = 0
26235 time(NULL) = 1278696735
26235 writev(15, [{"HTTP/1.1 200 OK\r\nDate: Fri, 09 J"..., 173},
{"<!DOCTYPE html PUBLIC \"-//W3C//D"..., 4109}, {"<table border=\"0\"
cellpadding=\"3"..., 4101}], 3) = 8383
26235 writev(15, [{"<tr><td class=\"e\">highlight.bg</"..., 4105},
{"sendmail_from</td><td class=\"v\">"..., 4099}], 2) = 8204
26235 time(NULL) = 1278696735
26235 writev(15, [{" </td></tr>\n<tr><td class=\"e\">HT"..., 4108},
{"</td><td class=\"v\">1024</td><td "..., 4098}], 2) = 8206
26235 writev(15, [{"md2 md4 md5 sha1 sha256 sha384 s"..., 4098}, {"
</td></tr>\n</table><br />\n<tabl"..., 4106}], 2) = 8204
26235 writev(15, [{"session.use_cookies</td><td clas"..., 4104}, {"
</td><td class=\"v\">enabled </td"..., 4102}], 2) = 8206
26235 chdir("/") = 0
26235 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) =
0
26235 writev(15, [{"\"]</td><td class=\"v\">Keep-Alive<"..., 4206}], 1) =
4206
26235 write(10, "212.48.14.186 - - [09/Jul/2010:1"..., 116) = 116
26235 shutdown(15, 1 /* send */) = 0
26235 poll([{fd=15, events=POLLIN}], 1, 2000) = 1 ([{fd=15,
revents=POLLIN|POLLHUP}])
26235 read(15, "", 512) = 0
26235 close(15) = 0
26235 read(4, 0x7fff615ff5eb, 1) = -1 EAGAIN (Resource temporarily
unavailable)
26235 accept(3,
Actual result:
--------------
If PHP_ADMIN_VALUE open_basedir "/usr/local/myspace/webspace" is set and
safe_mode is On:
25933 accept(3, {sa_family=AF_INET, sin_port=htons(47433),
sin_addr=inet_addr("212.48.14.186")}, [17179869200]) = 15
25933 getsockname(15, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("151.99.197.198")}, [17179869200]) = 0
25933 fcntl(15, F_GETFL) = 0x2 (flags O_RDWR)
25933 fcntl(15, F_SETFL, O_RDWR|O_NONBLOCK) = 0
25933 read(15, "GET /phpinfo.php HTTP/1.0\r\nUser-"..., 8000) = 129
25933 gettimeofday({1278695388, 52976}, NULL) = 0
25933 stat("/usr/local/myspace/webspace/httpdocs/phpinfo.php",
{st_mode=S_IFREG|0644, st_size=16, ...}) = 0
25933 open("/usr/local/myspace/.htaccess", O_RDONLY) = -1 ENOENT (No such
file or directory)
25933 open("/usr/local/myspace/webspace/.htaccess", O_RDONLY) = -1 ENOENT
(No such file or directory)
25933 open("/usr/local/myspace/webspace/httpdocs/.htaccess", O_RDONLY) = -1
ENOENT (No such file or directory)
25933 open("/usr/local/myspace/webspace/httpdocs/phpinfo.php/.htaccess",
O_RDONLY) = -1 ENOTDIR (Not a directory)
25933 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={20, 0}}, NULL)
= 0
25933 rt_sigaction(SIGPROF, {0x2b80442fdd80, [PROF],
SA_RESTORER|SA_RESTART, 0x3916e302d0}, {SIG_DFL, [], 0}, 8) = 0
25933 rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
25933 getcwd("/"..., 4095) = 2
25933 chdir("/usr/local/myspace/webspace/httpdocs") = 0
25933 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace", {st_mode=S_IFDIR|0755, st_size=4096,
...}) = 0
25933 lstat("/usr/local/myspace/webspace", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace/webspace/httpdocs", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace/webspace/httpdocs/phpinfo.php",
{st_mode=S_IFREG|0644, st_size=16, ...}) = 0
First check
25933 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace", {st_mode=S_IFDIR|0755, st_size=4096,
...}) = 0
25933 lstat("/usr/local/myspace/webspace", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace/webspace/httpdocs", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace/webspace/httpdocs/phpinfo.php",
{st_mode=S_IFREG|0644, st_size=16, ...}) = 0
Second check
25933 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace", {st_mode=S_IFDIR|0755, st_size=4096,
...}) = 0
25933 lstat("/usr/local/myspace/webspace", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
Third check (incomplete)
25933 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace", {st_mode=S_IFDIR|0755, st_size=4096,
...}) = 0
25933 lstat("/usr/local/myspace/webspace", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace/webspace/httpdocs", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
25933 lstat("/usr/local/myspace/webspace/httpdocs/phpinfo.php",
{st_mode=S_IFREG|0644, st_size=16, ...}) = 0
Final check and then read the file.
25933 open("/usr/local/myspace/webspace/httpdocs/phpinfo.php", O_RDONLY) =
16
25933 fstat(16, {st_mode=S_IFREG|0644, st_size=16, ...}) = 0
25933 read(16, "<? phpinfo() ?>\n", 8192) = 16
25933 read(16, "", 8192) = 0
25933 read(16, "", 8192) = 0
25933 close(16) = 0
--
Edit bug report at http://bugs.php.net/bug.php?id=52312&edit=1
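
Added example, not part of the original report: a small Python parser that counts how many times a process walks the path with lstat() before each open(), so the two traces above can be compared by number instead of by eye. The names `count_walks` and `SAMPLE` are hypothetical, and the sample lines are constructed to mirror the report (stat structs shortened, one line wrapped as in the e-mail).

```python
import re
from collections import defaultdict

DOC = "/usr/local/myspace/webspace/httpdocs/phpinfo.php"
CALL = re.compile(r'^(\d+)\s+(lstat|open)\("([^"]+)"')

def _walk(pid, depth):
    """Constructed strace lines: lstat on the first `depth` components of DOC."""
    parts = DOC.split("/")[1:depth + 1]
    paths = ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    return [f'{pid} lstat("{p}", {{st_mode=..., ...}}) = 0' for p in paths]

# Constructed sample: pid 26235 = open_basedir removed, pid 25933 = open_basedir set.
SAMPLE = "\n".join(
    _walk(26235, 6) + [f'26235 open("{DOC}", O_RDONLY) = 16']
    + _walk(25933, 6) * 2 + _walk(25933, 4) + _walk(25933, 6)
    + [f'25933 open("{DOC}", O_RDONLY) =', '16']  # wrapped line, as in the e-mail
)

def count_walks(trace):
    """Map (pid, opened path) -> number of full and partial lstat walks before it."""
    walks = defaultdict(list)   # pid -> list of walks, each a list of paths
    result = {}
    for line in trace.splitlines():
        m = CALL.match(line)
        if not m:
            continue            # wrapped continuation or unrelated syscall
        pid, call, path = m.groups()
        if call == "lstat":
            cur = walks[pid]
            if cur and path.startswith(cur[-1][-1] + "/"):
                cur[-1].append(path)    # one component deeper: same walk
            else:
                cur.append([path])      # restarted from the top: new walk
        else:
            # Keep only walks that resolve a prefix of the file being opened.
            related = [w for w in walks.pop(pid, [])
                       if (path + "/").startswith(w[-1] + "/")]
            if related:
                full = sum(w[-1] == path for w in related)
                result[(pid, path)] = {"full": full,
                                       "partial": len(related) - full}
    return result

if __name__ == "__main__":
    for key, counts in count_walks(SAMPLE).items():
        print(key, counts)
```
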