php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #74771 opcache.validate_root don't work in chrooted environment with multiple filesys
Submitted: 2017-06-17 12:54 UTC Modified: 2017-06-19 21:28 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jb dot verdeil at gmail dot com Assigned: dmitry (profile)
Status: Assigned Package: opcache
PHP Version: 5.6.30 OS: debian 8.7
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jb dot verdeil at gmail dot com
New email:
PHP Version: OS:

 

 [2017-06-17 12:54 UTC] jb dot verdeil at gmail dot com
Description:
------------
If we have multiples sites on server in chrooted php-fpm pools with opcache activated.
Let's say /var/www/{site1,site2,site3,site4}
Each site contains public_html/index.php, chroot=/var/www/siteX and chdir=/public_html
site1 and site2 are mount points on their own virtual filesystem while the others are on the main filesystem.
So in this case site1 and site2 have the same index.php because of cache, while site3 and site4 get their own one.

So it seems there is a bug on opcache.validate_root when multiple filesystem are used.

Opcache configuration :

; configuration for php ZendOpcache module
; priority=05
zend_extension=opcache.so
opcache.enable=1
opcache.memory_consumption=228
opcache.interned_strings_buffer=20
opcache.max_accelerated_files=130987
opcache.use_cwd=1
opcache.validate_timestamps=0
opcache.revalidate_freq=0
opcache.revalidate_path=1
opcache.save_comments=0
opcache.load_comments=0
opcache.fast_shutdown=1
opcache.enable_file_override=0
opcache.max_file_size=0
opcache.restrict_api="/public_html/hole/nerver.php"
opcache.validate_permission=1
opcache.validate_root=1
opcache.log_verbosity_level=4


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-19 21:28 UTC] stas@php.net
-Assigned To: +Assigned To: dmitry
 [2017-06-19 21:28 UTC] stas@php.net
Don't see a reason why this should be private, assigning to OpCache maintainer.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 21:01:28 2024 UTC