php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #28401 umask is not being restored when each request is finished.
Submitted: 2004-05-14 16:43 UTC Modified: 2004-05-17 16:03 UTC
Votes:7
Avg. Score:4.3 ± 0.9
Reproduced:6 of 6 (100.0%)
Same Version:1 (16.7%)
Same OS:3 (50.0%)
From: todd at stew dot org Assigned:
Status: Wont fix Package: Apache2 related
PHP Version: 4.3.6 OS: Redhat 9 and Fedora
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: todd at stew dot org
New email:
PHP Version: OS:

 

 [2004-05-14 16:43 UTC] todd at stew dot org 
Description:
------------
The apache child's umask is reset and not restored.

This behavior is present in
the redhat php-4.2.2-17.2 rpm, my custom install of 4.3.4 and my custom install of 4.3.6 (compiled yesterday). It happens with both apache 2.0.40 and 2.0.48.



Reproduce code:
---------------
create a cgi file that touches a random filename and lists that file;

#!/bin/bash
echo "content-type: text/plain"
echo
touch /tmp/$UNIQUE_ID
ls -ald /tmp/$UNIQUE_ID

create a php file that sets a umask
<?
umask(077);
?>

Set apache to only spawn one child.
hit the cgi file then hit the php file then hit the cgi file.



Expected result:
----------------
The umask should not change for the cgi's and should only change for the php script.

Actual result:
--------------
The umask remains sticky to the apache child.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-05-14 17:24 UTC] iliaa@php.net 
Fixing this bug would require adding an internal global to 
PHP which would break backwards compatibility for binary 
modules. Consequently this cannot be fixed in 4.3.X tree.
 [2004-05-14 19:34 UTC] todd at stew dot org 
The docs say:

umask() sets PHP's umask to mask & 0777 and returns the old umask. When PHP is being used as a server module, the umask is restored when each request is finished. 

Using apache 1.3 does not have the same problem.
Can you suggest a workaround?

adding a auto_prepend_file or an auto_append_file works unless there is another declaration in a .htaccess file, then it does not work.
 [2004-05-14 22:03 UTC] todd at stew dot org 
I might be wrong here. looking at sapi/apache/mod_php4.c, php_save_umask is called on line 612 just before calling add_common_vars. I think this is the module that is used with the apache 1.3.x apxs.

looking at sapi/apache2handler/sapi_apache2.c I see ap_add_common_vars on line 516, but there is no save_umask or restore_umask in this file. I believe this is the module that is used for apache 2.0.x apxs. It looks to me like the umask functions were just left out of the 2.0.x module?
 [2004-05-14 22:23 UTC] iliaa@php.net 
Try the patch at http://ilia.ws/stuff/umask.txt and let me 
know if it does the trick.
 [2004-05-17 16:03 UTC] todd at stew dot org 
Is this patch safe? http://stew.org/php-4.3.6-umask.patch.txt

Your patch produced compile errors:

/usr/src/redhat/BUILD/php-4.3.6/sapi/apache2handler/sapi_apache2.c: In function `php_handler':
/usr/src/redhat/BUILD/php-4.3.6/sapi/apache2handler/sapi_apache2.c:554: error: called object is not a function
/usr/src/redhat/BUILD/php-4.3.6/sapi/apache2handler/sapi_apache2.c:567: error: called object is not a function
make: *** [sapi/apache2handler/sapi_apache2.lo] Error 1
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 16:01:31 2024 UTC