[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
php5 (5.3.3-1ubuntu9.3) maverick-security; urgency=low

  * debian/patches/php5-CVE-2010-3436-regression.patch: update
    main/fopen_wrappers.c to include fix for open_basedir restriction
    regression (LP: #701896)

 -- Steve Beattie  Wed, 12 Jan 2011 07:02:44 -0800

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3436

** Changed in: php5 (Ubuntu)
       Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765

Title:
  open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
OK, then this bug is fixed, on Ubuntu's side. Thank you!
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
The trailing slash issue was fixed with usn-1042-2 (http://www.ubuntu.com/usn/usn-1042-2); my apologies for messing up the changelog bug reference.

Andrea, I've reproduced the behavior you're seeing on all Ubuntu releases, as well as Debian's 5.3.3-7 package in unstable. I've discussed it briefly with upstream, and this appears to be an intended behavior change. The upstream bug about it is http://bugs.php.net/bug.php?id=53597 .

** Bug watch added: bugs.php.net/ #53597
   http://bugs.php.net/bug.php?id=53597

** Changed in: php
 Remote watch: Debian Bug tracker #605391 => bugs.php.net/ #53597
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Sorry for bumping so impolitely, but this is grave and still not completely solved, at least in Hardy.

@James
Thanks for pointing this out. I am kind of surprised that it works without the /etc/ path but I am fixing it now anyway.

@others
Can anyone at least confirm that this is *not* an issue and it is limited to my server? That would surprise me even more, but apparently no one else noticed...

Unfortunately I don't know the code well enough to attempt to submit a patch myself.
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Andrea: Yes, you are correct, that should work. I wasn't debating that. If you installed phpmyadmin from the repositories, phpmyadmin calls php files from /etc/phpmyadmin and /var/lib/phpmyadmin also, as well as /usr/share/phpmyadmin. phpmyadmin will work without adding those 2 directories into open_basedir, but it breaks some functionality of phpmyadmin (notice some warning messages at the bottom of the phpmyadmin index page?). You can check those 2 directories to verify there are php files inside of them. :)

I also added the note that my test wasn't exactly like yours (and therefore your issue could still be a bug) because I wasn't using mine as a prefix (as your issue stated you were doing), even though I removed the trailing slashes. ;)
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Uhm. The open_basedir has /var/lib/php which is a valid prefix for /var/lib/phpmyadmin/, and it has always (for two years until wednesday when this bug appeared) worked with this open_basedir string.

To further clarify:

[...]:/usr/share/phpmyadmin/:/var/lib/phpmyadmin/:[...] works
[...]:/usr/share/phpmyadmin:/var/lib/phpmyadmin:[...] works
[...]:/usr/share/php:/var/lib/php:[...] does not work

which seems to mean that it is now treating paths without a trailing slash as directory names instead of prefixes, which is what the specification says.
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Andrea: Yes, /var/www/phpmyadmin is a symlink to /usr/share/phpmyadmin, but please note that you're missing 2 more crucial paths. /etc/phpmyadmin/:/var/lib/phpmyadmin/ are also part of phpmyadmin and require to be allowed in open_basedir. May not be related to your issue, but it's the case nonetheless. :)
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Oh, to also make a note, when I said earlier that I removed the slashes and tested it out.. my entry was like /home/user/public_html/, and I removed the slash at the end and it still worked. So when I said it appears to work perfectly fine for me, my test wasn't exactly the same as Andrea's and therefore this may still be a bug and issue. ;)
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
I removed the slashes and tested it out. It appears to work perfectly fine for me like it should.
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
I am not completely confident that the bug is indeed fixed. The original problem is gone, but I think I see a similar issue in the updated package. On my Hardy server, paths *without* a trailing slash now seem to be blocked unexpectedly.

[Fri Jan 14 15:48:37 2011] [error] [client 193.205.80.47] PHP Warning: Unknown: open_basedir restriction in effect. File(/var/www/phpmyadmin/index.php) is not within the allowed path(s): (/var/www/:/usr/share/php:/var/lib/php:/var/lib/docman_docs/:/var/lib/moodledata/:/tmp/) in Unknown on line 0

On this box, /var/www/phpmyadmin is a symlink to /usr/share/phpmyadmin, which should be allowed per entry number 2 in open_basedir (/usr/share/php). I quote http://php.net/manual/en/ini.core.php: "All symbolic links are resolved" and "The restriction specified with open_basedir is actually a prefix, not a directory name". As a side note, it had always worked perfectly so far.

Can somebody else please test this case?
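The two readings of an open_basedir entry debated in this report and in the follow-up further up the page (string prefix versus directory name), as an added example that is not part of the thread and is not PHP's own code. It is a small C model run over the open_basedir value from the quoted error log; all function names are hypothetical, and paths are assumed to be already symlink-resolved.

```c
#include <stdio.h>
#include <string.h>

/* Two readings of one open_basedir entry. Paths are assumed to be already
 * symlink-resolved; all names here are hypothetical, not PHP's own. */
enum basedir_mode { MODE_PREFIX, MODE_DIRECTORY };

/* Does one entry (entry[0..elen), not NUL-terminated) admit path? */
static int entry_admits(const char *entry, size_t elen, const char *path,
                        enum basedir_mode mode)
{
    if (elen == 0 || strncmp(entry, path, elen) != 0)
        return 0;                       /* path does not start with entry */
    if (mode == MODE_PREFIX || entry[elen - 1] == '/')
        return 1;                       /* plain string prefix is enough */
    /* Directory reading: the match must end on a path component boundary. */
    return path[elen] == '\0' || path[elen] == '/';
}

/* Walk a colon-separated open_basedir value; 1 if any entry admits path. */
int basedir_allows(const char *list, const char *path, enum basedir_mode mode)
{
    const char *p = list;
    while (*p != '\0') {
        size_t elen = strcspn(p, ":");
        if (entry_admits(p, elen, path, mode))
            return 1;
        p += elen;
        if (*p == ':')
            p++;
    }
    return 0;
}

/* Count entries without a trailing slash: the only ones whose meaning
 * differs between the two readings, so the ones worth auditing. */
int count_slashless_entries(const char *list)
{
    int n = 0;
    const char *p = list;
    while (*p != '\0') {
        size_t elen = strcspn(p, ":");
        if (elen > 0 && p[elen - 1] != '/')
            n++;
        p += elen;
        if (*p == ':')
            p++;
    }
    return n;
}

/* open_basedir value from the error log quoted in the thread. */
static const char *THREAD_LIST =
    "/var/www/:/usr/share/php:/var/lib/php:/var/lib/docman_docs/"
    ":/var/lib/moodledata/:/tmp/";

int main(void)
{
    /* Symlink target of /var/www/phpmyadmin/index.php, per the report. */
    const char *target = "/usr/share/phpmyadmin/index.php";
    printf("prefix reading:    %d\n", basedir_allows(THREAD_LIST, target, MODE_PREFIX));
    printf("directory reading: %d\n", basedir_allows(THREAD_LIST, target, MODE_DIRECTORY));
    printf("slashless entries: %d\n", count_slashless_entries(THREAD_LIST));
    return 0;
}
```

Entries that end in a slash give the same answer under both readings, which is why only the two slashless entries in this configuration are affected by the behavior change.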
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Bug is fixed, however the bug ID in the changelog is wrong, so the janitor didn't automatically close this bug report.
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Can confirm the fix works on 10.04.1 LTS. Thanks!
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
I got the update now on Hardy (13.01.2011 - 14:15 - Austria). The bug is fixed, thanks for quick response!
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Tested the updates on Ubuntu Server 10.04.1 LTS. The issue has been fixed. Thanks for fixing the issue so quickly!
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Seems there is an update for maverick
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Same for Ubuntu Server 10.04 LTS. Tested and worked. Thx for the quick response.
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
Just a note from Debian to Ubuntu maintainers: if you have tracked (and helped) in Debian php packaging, you would be free of this shame, since this bug was already fixed in 5.3.3-5 which was released on 30th November 2010.

** Bug watch added: Debian Bug tracker #605391
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605391

** Also affects: php via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605391
   Importance: Unknown
       Status: Unknown
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
This looks to be the relevant upstream bug http://bugs.php.net/bug.php?id=53352 and commit: http://svn.php.net/viewvc?view=revision&revision=305698 that fixed it.

I'm building and testing packages with that commit applied to verify it fixes the issue.

** Bug watch added: bugs.php.net/ #53352
   http://bugs.php.net/bug.php?id=53352
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
I stated in the bug description that I wasn't sure if this affected php on mod_fcgi. I've tested this out now, and it also affects it as it does on mod_php5.
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
** Changed in: php5 (Ubuntu)
       Status: New => Confirmed

** Changed in: php5 (Ubuntu)
   Importance: Undecided => High

** Changed in: php5 (Ubuntu)
     Assignee: (unassigned) => Steve Beattie (sbeattie)
[Bug 701765] Re: open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
** Summary changed:

- open_basedir breaks by restricting paths to files that should be allowed when you add a leading slash in configuration; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
+ open_basedir breaks by restricting paths to files that should be allowed; Unknown: Failed opening required '/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0