PHP :: Bug #63746 :: FPM incompatible with runkit sandbox

Bug #63746

FPM incompatible with runkit sandbox

Submitted:

2012-12-11 22:32 UTC

Modified:

2016-08-03 19:39 UTC

Votes:	3
Avg. Score:	3.0 ± 1.6
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

tranelson at x dot com

Assigned:

cmb (profile)

Status:

Closed

Package:

FPM related

PHP Version:

5.4.9

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tranelson at x dot com
New email:
PHP Version:		OS:

New Comment:

[2012-12-11 22:32 UTC] tranelson at x dot com

Description:
------------
Using Runkit Sandbox inside PHP-FPM causes FPM to crash.  

Please see the following for a description and GDB trace:

https://github.com/zenovich/runkit/issues/44

I thought this might have been a runkit issue, but in the stack trace, runkit is just shutting down the child interpreter, which calls back to FPM.  FPM is assuming that there is a request for this interpreter, which doesn't hold true in this scenario.   

I've made a fix that works for me.  It is attached below.

Test script:
---------------
   $options = array(
            'safe_mode'=>false,
            'open_basedir'=>'',
            'allow_url_fopen'=>'true',
            'disable_functions'=>'exec,shell_exec,passthru,system',
            'disable_classes'=>'myAppClass');
            
            $sandbox = new Runkit_Sandbox($options);
            $sandbox->eval('echo "hello from sandbox\n";');
            $hello = "hello world from parent";
            echo $hello;


Expected result:
----------------
Hello from sandbox

Actual result:
--------------
Crash.  
#0 fcgi_finish_request (req=0x0, force_close=0)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fastcgi.c:1040
#1 0x08440032 in sapi_cgi_deactivate (tsrm_ls=)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:843
#2 sapi_cgi_deactivate (tsrm_ls=0xa6adaf8)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:832
#3 0x0831eaf4 in sapi_deactivate (tsrm_ls=0xa6adaf8)
at /home/tranelson/php-5.4.8/main/SAPI.c:529
#4 0x08315f3c in php_request_shutdown (dummy=0xa6adaf8)
at /home/tranelson/php-5.4.8/main/main.c:1799
#5 0xb68241fb in php_runkit_sandbox_dtor (objval=0xb6a76548,
tsrm_ls=0xa51a070)
at /home/tranelson/runkit/runkit-master/runkit_sandbox.c:1838
#6 0x083ab42c in zend_objects_store_del_ref_by_handle_ex (handle=1,
handlers=0xb68307a0, tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_objects_API.c:220
#7 0x083ab466 in zend_objects_store_del_ref (zobject=0xb6a7652c,
tsrm_ls=0xa51a070) at /home/tranelson/php-5.4.8/Zend/zend_objects_API.c:172
#8 0x08380581 in _zval_dtor_func (zvalue=0xb6a7652c)
at /home/tranelson/php-5.4.8/Zend/zend_variables.c:52
#9 0x08371768 in _zval_dtor (zvalue=)
at /home/tranelson/php-5.4.8/Zend/zend_variables.h:35
#10 _zval_ptr_dtor (zval_ptr=0xb6a766ec)
---Type to continue, or q to quit---
at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:438
#11 _zval_ptr_dtor (zval_ptr=0xb6a766ec)
at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:427
#12 0x0838f055 in zend_hash_apply_deleter (ht=0xa51bb88, p=0xb6a766e0)
at /home/tranelson/php-5.4.8/Zend/zend_hash.c:650
#13 0x083908e1 in zend_hash_reverse_apply (ht=0xa51bb88,
apply_func=0x8371590 , tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_hash.c:804
#14 0x08371c1e in shutdown_destructors (tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:217
#15 0x08382098 in zend_call_destructors (tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend.c:922
#16 0x08315fc4 in php_request_shutdown (dummy=0x0)
at /home/tranelson/php-5.4.8/main/main.c:1732
#17 0x0806efc2 in main (argc=1, argv=0xbfac87a4)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:1948

Patches

Runkit_FPM (last revision 2012-12-11 22:33 UTC by tranelson at x dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-12-14 22:43 UTC] felipe@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: fat

[2015-09-29 09:50 UTC] dzenovich@php.net

Fixed in https://github.com/zenovich/runkit/issues/44

[2016-08-03 19:39 UTC] cmb@php.net

-Status: Assigned +Status: Closed -Assigned To: fat +Assigned To: cmb

[2016-08-03 19:39 UTC] cmb@php.net

> Fixed in https://github.com/zenovich/runkit/issues/44

As it's fixed, we can close this ticket.

[2016-08-03 19:39 UTC] cmb@php.net

-Summary: FPM incompatible with runkit sanbox +Summary: FPM incompatible with runkit sandbox

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Oct 18 02:01:27 2024 UTC