php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49401 Semaphore files are being created in / by default
Submitted: 2009-08-28 17:56 UTC Modified: 2009-08-31 16:40 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: nathan at gossamer-threads dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.10 OS: Gentoo
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: nathan at gossamer-threads dot com
New email:
PHP Version: OS:

 

 [2009-08-28 17:56 UTC] nathan at gossamer-threads dot com 
Description:
------------
As of 5.2.10 it seems that the semaphore files are being created in / instead of the usual /tmp. Uncommenting the default session.save_path of /tmp in the php.ini fixes it.

Reproduce code:
---------------
nathan@ndb3 ~ $ php --version
PHP Warning:  PHP Startup: mm_create(0, /session_mm_cgi-fcgi1005) failed, err mm:core: failed to open semaphore file (Permission denied) in Unknown on line 0
PHP 5.2.10 (cgi-fcgi) (built: Aug 28 2009 10:23:30)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

Patches

011_all_sharedmem_session_path_gentoo.patch (last revision 2010-05-28 19:28 UTC by mabi at gentoo dot org)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-29 00:36 UTC] jani@php.net 
Compared to what PHP version..?
 [2009-08-29 00:38 UTC] jani@php.net 
And I don't see any bug here anyway. If you don't define a path, it will 
just be "". And then it's up to whatever your current working directory 
happens to be. With Apache it's always /.
 [2009-08-31 16:40 UTC] nathan at gossamer-threads dot com 
Php 5.2.6 doesn't throw the error, but stracing does reveal that it's trying to create the file and failing:

open("/session_mm_cgi-fcgi1009.sem", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
shmdt(0xb54c2000)                       = 0
shmctl(6619145, IPC_64|IPC_RMID, 0)     = -1 EINVAL (Invalid argument)
unlink("/session_mm_cgi-fcgi1009.sem")  = -1 ENOENT (No such file or directory)

If the expected behavior is to use the current working directory, this is not what it's doing:

nathan@ndb3 ~ $ pwd
/home/nathan
nathan@ndb3 ~ $ php-cli -v
PHP Warning:  PHP Startup: mm_create(0, /session_mm_cli1005) failed, err mm:core: failed to open semaphore file (Permission denied) in Unknown on line 0
PHP 5.2.10 (cli) (built: Aug 28 2009 10:17:34) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

My assumption would be that the stock ini file that php ships with should contain a basic example that works on 99% of the machines out there. No reasonably configured machine would allow a user to write to /, so if there's no code change needed here perhaps the default php.ini should have that session.save_path uncommented?
 [2010-05-28 21:32 UTC] mabi at gentoo dot org 
Gentoo's php-5.3 now uses the attached patch (thanks to tsisaruk.v@gmail.com) to automatically use the system's temp directory if no session save path is set. Imho, this is a useful default behaviour. Can you consider this patch for 5.3 or trunk?
 [2010-05-28 21:36 UTC] mabi at gentoo dot org 
meh, just noticed the patch is already on bug #49503, sorry for the spam. Still, can you comment on whether this can be considered for inclusion?
 [2010-05-28 22:29 UTC] mabi at gentoo dot org 
Actually, disregard that spam. I've tested php-5.3.2 and the problem appears to be gone, even w/o the patch. Dunno why i've had the error just a few weeks back then, but the linked bug states the warning has been fixed by jani, so i'll just shut up about it.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 22 03:01:27 2024 UTC