php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37823 posix_setgid fails to logout of groups, or call initgroups()
Submitted: 2006-06-16 01:07 UTC Modified: 2006-06-19 02:20 UTC
From: james-php at bytehosting dot com Assigned:
Status: Closed Package: POSIX related
PHP Version: 5.1.4 OS: mandriva2006.0 - linux 2.6.12-22
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: james-php at bytehosting dot com
New email:
PHP Version: OS:

 

 [2006-06-16 01:07 UTC] james-php at bytehosting dot com
Description:
------------
When calling posix_get[e]gid() to drop root privledges, it does NOT logout of group=0(root).

Please look VERY closely at the 'id' output from the script, you will see that the third section "groups=" shows that i am effectively still logged into group "0".

It indeed sets the current process group id to 0, however, it does NOT completely DROP all group memeberships, as well PHP provides no "posix_initgroups()" so there is no way to call initgroups() on linux to re-init the group memeberships from /etc/group, which would effectively, or should, drop the group=0(root) membership.

Reproduce code:
---------------
<?
 system("id");
 posix_setgid(500);
 posix_setegid(500);
 posix_setuid(500);
 posix_seteuid(500);
 system("id");
?>

Expected result:
----------------
[root@admin cluster]# php test.php
uid=0(root) gid=0(root) groups=0(root)
uid=500(cluster) gid=500(cluster) groups=500(cluster)
[root@admin cluster]#

Actual result:
--------------
[root@admin cluster]# php test.php
uid=0(root) gid=0(root) groups=0(root)
uid=500(cluster) gid=500(cluster) groups=0(root)
[root@admin cluster]#

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-06-19 02:20 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

The posix_initgroups() was added in CVS.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 13:01:31 2024 UTC