php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49351 posix_setuid/posix_seteuid/posix_setgid/posix_setegid crashed apache
Submitted: 2009-08-25 00:02 UTC Modified: 2009-09-10 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: VJTD3 at VJTD3 dot com Assigned:
Status: No Feedback Package: POSIX related
PHP Version: 5.3.0 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: VJTD3 at VJTD3 dot com
New email:
PHP Version: OS:

 

 [2009-08-25 00:02 UTC] VJTD3 at VJTD3 dot com 
Description:
------------
apache Apache/2.2.13:
env CFLAGS="-DBIG_SECURITY_HOLE" ./configure --enable-so && make && make install

php 5.3.0:
./configure --with-apxs2 && make && make install

-DBIG_SECURITY_HOLE allows for root startup (administrative builds for panels and such...) when this flag is used to compile apache, php will crash when posix_setuid posix_seteuid posix_setgid or posix_setegid are used to change the user/group.

Reproduce code:
---------------
<?php

 posix_seteuid(1000);
 posix_setegid(1000);
 posix_setuid(1000);
 posix_setgid(1000);

?>

(make sure you use a number that has an actual user...)

Expected result:
----------------
change to that user.

Actual result:
--------------
php and apache crash.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-25 06:43 UTC] jani@php.net 
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

And provide a GDB backtrace if it still crashes.
 [2009-09-01 23:07 UTC] VJTD3 at VJTD3 dot com 
the problem still exists, I'm not sure i can use gdb since it's a problem interfacing with apache. I'll try tonight.
 [2009-09-02 19:15 UTC] jani@php.net 
http://bugs.php.net/bugs-generating-backtrace.php
 [2009-09-10 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 17:01:58 2024 UTC