Bug #65100 [Com]: Reject root run
Edit report at https://bugs.php.net/bug.php?id=65100&edit=1 ID: 65100 Comment by: dlsni...@php.net Reported by:admin at mvpro dot net Summary:Reject root run Status: Assigned Type: Bug Package:FPM related Operating System: Linux Debian Wheezy PHP Version:5.5.0 Assigned To:fat Block user comment: N Private report: N New Comment: Hi, I'm using Ubuntu 13.04 and I've compiled PHP 5.5 with FPM from sources. I do indeed get something like this: [24-Jun-2013 18:09:32] ERROR: [pool default] please specify user and group other than root [24-Jun-2013 18:09:32] ERROR: FPM initialization failed but I don't think it is a bad thing. Running PHP with root as user would be considered a major security issue so maybe it's not really a bug. Can you provide a real use case where you'd want to allow a script executed via FPM to have root privileges as I can't think of a good one right now? Thanks. Previous Comments: [2013-06-23 03:36:07] admin at mvpro dot net Description: Php5-fpm rejected to run with user 'root' and group 'root', it fails to load. While proccess priority was implemented, i assume, running PHP-fpm with user 'root' should be allowed. Test script: --- Put in /etc/php5/fpm/pool.d/www.conf user = root Expected result: Success run. Actual result: -- Fail to run. -- Edit this bug report at https://bugs.php.net/bug.php?id=65100&edit=1
Bug #65100 [Com]: Reject root run
Edit report at https://bugs.php.net/bug.php?id=65100&edit=1 ID: 65100 Comment by: dlsni...@php.net Reported by:admin at mvpro dot net Summary:Reject root run Status: Assigned Type: Bug Package:FPM related Operating System: Linux Debian Wheezy PHP Version:5.5.0 Assigned To:fat Block user comment: N Private report: N New Comment: Hi, I've forgot to mention that if you run: php-fpm help it will show you something like this: Usage: php-fpm [-n] [-e] [-h] [-i] [-m] [-v] [-t] [-p ] [-g ] [-c ] [-d foo[=bar]] [-y ] [-D] [-F] [...] -R, --allow-to-run-as-root Allow pool to run as root (disabled by default) Have you tried that? Thanks :) Previous Comments: [2013-06-24 16:21:06] admin at mvpro dot net dlsniper, i have nothing against such policy, however it would be interesting to know what issues can it do. I have many scripts which can not get access to php files because of bad chmod. I can set it automatically but it's rather bad to do it via cron every minute, because it will affect perfomance. Also it will not 'at the moment', maybe user have to wait for a minute after a file update. It's not really awesome. I think it's a bug because in PHP 5.5 there are invent: "; Specify the nice(2) priority to apply to the master process (only if set) ; The value can vary from -19 (highest priority) to 20 (lower priority) ; Note: - It will only work if the FPM master process is launched as root ; - The pool process will inherit the master process priority ; unless it specified otherwise ; Default Value: no set process.priority = -19" This new feature is useless, when root user cause fail to load php-fpm. If root issue is permanent, then why is proccess.priority was implemented? -------- [2013-06-24 16:13:20] dlsni...@php.net Hi, I'm using Ubuntu 13.04 and I've compiled PHP 5.5 with FPM from sources. I do indeed get something like this: [24-Jun-2013 18:09:32] ERROR: [pool default] please specify user and group other than root [24-Jun-2013 18:09:32] ERROR: FPM initialization failed but I don't think it is a bad thing. Running PHP with root as user would be considered a major security issue so maybe it's not really a bug. Can you provide a real use case where you'd want to allow a script executed via FPM to have root privileges as I can't think of a good one right now? Thanks. [2013-06-23 03:36:07] admin at mvpro dot net Description: Php5-fpm rejected to run with user 'root' and group 'root', it fails to load. While proccess priority was implemented, i assume, running PHP-fpm with user 'root' should be allowed. Test script: --- Put in /etc/php5/fpm/pool.d/www.conf user = root Expected result: Success run. Actual result: -- Fail to run. -- Edit this bug report at https://bugs.php.net/bug.php?id=65100&edit=1
Req #52355 [Com]: Negating zero does not produce negative zero
Edit report at https://bugs.php.net/bug.php?id=52355&edit=1 ID: 52355 Comment by: dlsni...@php.net Reported by:spoon dot reloaded at gmail dot com Summary:Negating zero does not produce negative zero Status: Open Type: Feature/Change Request Package:Math related PHP Version:5.3.2 Block user comment: N Private report: N New Comment: I've found that this break was introduced in 5.2.3, http://3v4l.org/MFa5s I'll try and investigate further. Previous Comments: [2012-02-13 08:31:50] salsi at icosaedro dot it The zero negative could appear also in the simplest expressions, yielding quite unexpected results, as in $zn = -1 * 0.0; echo $zn; ==> -0 Under PHP several int expressions might result in a float value, and most programmers are unaware that their "exact" calculations are made in the quite obscure domain of the approximated floating-point numbers, possibly with safety and security related issues. Since $zn==0.0 and $zn===0.0 are both true, the only way I have found to detect the zero negative value is by comparing its representation as a string: if( $f === 0.0 and "$f" === "-0" ) echo "WARNING: it's zero negative!"; [2010-07-16 08:34:29] spoon dot reloaded at gmail dot com Nor can you specify -0 as a float literal: var_dump(-0.); float(0) [2010-07-16 08:31:54] spoon dot reloaded at gmail dot com Description: Using the unary negation operator on a float 0 (positive zero) value, simply returns positive zero again, instead of -0 (negative zero), like it does in other languages. var_dump(-(0.)); float(0) The negative zero exists and can be displayed properly, so that is not the problem: var_dump(-1/INF); float(-0) But for some reason there is no easy way to access it. Test script: --- var_dump(-(0.)); var_dump(-1/INF); Expected result: float(-0) float(-0) Actual result: -- float(0) float(-0) -- Edit this bug report at https://bugs.php.net/bug.php?id=52355&edit=1
