php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28401 umask is not being restored when each request is finished.
Submitted: 2004-05-14 16:43 UTC Modified: 2004-05-17 16:03 UTC
Votes:7
Avg. Score:4.3 ± 0.9
Reproduced:6 of 6 (100.0%)
Same Version:1 (16.7%)
Same OS:3 (50.0%)
From: todd at stew dot org Assigned:
Status: Wont fix Package: Apache2 related
PHP Version: 4.3.6 OS: Redhat 9 and Fedora
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-05-14 16:43 UTC] todd at stew dot org
Description:
------------
The apache child's umask is reset and not restored.

This behavior is present in
the redhat php-4.2.2-17.2 rpm, my custom install of 4.3.4 and my custom install of 4.3.6 (compiled yesterday). It happens with both apache 2.0.40 and 2.0.48.



Reproduce code:
---------------
create a cgi file that touches a random filename and lists that file;

#!/bin/bash
echo "content-type: text/plain"
echo
touch /tmp/$UNIQUE_ID
ls -ald /tmp/$UNIQUE_ID

create a php file that sets a umask
<?
umask(077);
?>

Set apache to only spawn one child.
hit the cgi file then hit the php file then hit the cgi file.



Expected result:
----------------
The umask should not change for the cgi's and should only change for the php script.

Actual result:
--------------
The umask remains sticky to the apache child.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-05-14 17:24 UTC] iliaa@php.net
Fixing this bug would require adding an internal global to 
PHP which would break backwards compatibility for binary 
modules. Consequently this cannot be fixed in 4.3.X tree. 
 [2004-05-14 19:34 UTC] todd at stew dot org
The docs say:

umask() sets PHP's umask to mask & 0777 and returns the old umask. When PHP is being used as a server module, the umask is restored when each request is finished. 

Using apache 1.3 does not have the same problem.
Can you suggest a workaround?

adding a auto_prepend_file or an auto_append_file works unless there is another declaration in a .htaccess file, then it does not work.
 [2004-05-14 22:03 UTC] todd at stew dot org
I might be wrong here. looking at sapi/apache/mod_php4.c, php_save_umask is called on line 612 just before calling add_common_vars. I think this is the module that is used with the apache 1.3.x apxs.

looking at sapi/apache2handler/sapi_apache2.c I see ap_add_common_vars on line 516, but there is no save_umask or restore_umask in this file. I believe this is the module that is used for apache 2.0.x apxs. It looks to me like the umask functions were just left out of the 2.0.x module?
 [2004-05-14 22:23 UTC] iliaa@php.net
Try the patch at http://ilia.ws/stuff/umask.txt and let me 
know if it does the trick. 
 [2004-05-17 16:03 UTC] todd at stew dot org
Is this patch safe? http://stew.org/php-4.3.6-umask.patch.txt

Your patch produced compile errors:

/usr/src/redhat/BUILD/php-4.3.6/sapi/apache2handler/sapi_apache2.c: In function `php_handler':
/usr/src/redhat/BUILD/php-4.3.6/sapi/apache2handler/sapi_apache2.c:554: error: called object is not a function
/usr/src/redhat/BUILD/php-4.3.6/sapi/apache2handler/sapi_apache2.c:567: error: called object is not a function
make: *** [sapi/apache2handler/sapi_apache2.lo] Error 1
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 14:01:28 2024 UTC