php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32501 acinclude.m4 should set HAVE_BROKEN_GETCWD for AIX, too
Submitted: 2005-03-30 14:11 UTC Modified: 2005-08-30 12:44 UTC
From: Bjorn dot Wiberg at its dot uu dot se Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 5CVS-2005-07-05 OS: IBM AIX 5.2.0.0 ML5
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: Bjorn dot Wiberg at its dot uu dot se
New email:
PHP Version: OS:

 

 [2005-03-30 14:11 UTC] Bjorn dot Wiberg at its dot uu dot se
Description:
------------
As noted in other bug reports (PHP bug #24185), and the documentation (http://www.php.net/manual/en/function.getcwd.php), getcwd() may fail if some directory along a path doesn't have  list (r) permissions, but only access (x) permissions.

In acinclude.m4, the check for broken getcwd() checks the OS string to determine whether HAVE_BROKEN_GETCWD should be set or not. 

Currently, this check only detects (and sets HAVE_BROKEN_GETCWD) if the OS is "SunOS". This should probably be changed to include "AIX", too:

root@spinus:/# uname -sr
AIX 2

...as the problem seems to be present on AIX.

Reproduce code:
---------------
<?php

  $handle = fopen("./a.txt", "w", false);
  if ( $handle ) {
    fputs($handle, "testtext");
    fclose($handle);
  }

?>



Expected result:
----------------
No error message, file gets created.

Actual result:
--------------
Because fopen() + open_basedir seems to rely on getcwd() to check the path to the file, we get the following error:

Warning: fopen(): open_basedir restriction in effect. File(./a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 3 Warning: fopen(./a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 3

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-12 08:31 UTC] sniper@php.net
If you manually change HAVE_BROKEN_GETCWD in php_config.h to 
#define HAVE_BROKEN_GETCWD 1
after configure and do 'make clean && make', does it really work then..?


 [2005-07-05 11:11 UTC] Bjorn dot Wiberg at its dot uu dot se
Hi again!

(Thanks for fixing the mpm_common crash, that problem is gone now.)

All the following with #define HAVE_BROKEN_GETCWD 1 in main/php_config.h, and the following code (tests 1-4):

<?php

  print getcwd() . "<BR>";

  $handle = fopen("a.txt", "w", false);
  if ( $handle != FALSE ) {
    fputs($handle, "testtext");
    fclose($handle);
  }

?>

..and, respectively (tests 5-8):

<?php

  print getcwd() . "<BR>";

  $handle = fopen("./a.txt", "w", false);
  if ( $handle != FALSE ) {
    fputs($handle, "testtext");
    fclose($handle);
  }

?>


1. No existing "a.txt" file in the destination directory. With the "read" flag missing to the "test" directory along the path, and write permissions to the destination directory:

Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

No file gets created. getcwd() fails.


2. No existing "a.txt" file in the destination directory. Having both read and execute flags along the path, and write permissions to the destination directory:

/apache/htdocs/bwiberg/test/safemode
Warning: fopen(): Unable to access a.txt in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: No such file or directory in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 

No file gets created. But getcwd() correctly returns "
/apache/htdocs/bwiberg/test/safemode".


3. No existing "a.txt" file in the destination directory. Trying with "./a.txt" instead, a missing "read" flag to the "test" directory along the path, and write permissions to the destination directory:

No error message. The a.txt file gets correctly created, but getcwd() fails.


4. No existing "a.txt" file in the destination directory. Trying with "./a.txt", both "read" and "execute" flags along the path, and write permissions to the destination directory:

No error message. The file gets correctly created, and getcwd() returns "/apache/htdocs/bwiberg/test/safemode".


5. Existing "a.txt" file in the destination directory. With the "read" flag missing to the "test" directory along the path, and write permissions to the destination directory:

Warning: fopen(): open_basedir restriction in effect. File(a.txt) is not within the allowed path(s): (.:/apache/php/lib/php/:/apache/htdocs/bwiberg/) in /apache/htdocs/bwiberg/test/safemode/write.php on line 5 Warning: fopen(a.txt): failed to open stream: Not owner in /apache/htdocs/bwiberg/test/safemode/write.php on line 5

File does not get overwritten. getcwd() fails.


6. Existing "a.txt" file in the destination directory. Having both read and execute flags along the path, and write permissions to the destination directory:

No error message. File gets overwritten correctly. getcwd() returns "/apache/htdocs/bwiberg/test/safemode".


7. Existing "a.txt" file in the destination directory. Trying with "./a.txt" instead, a missing "read" flag to the "test" directory along the path, and write permissions to the destination directory:

No error message. File gets overwritten correctly, but getcwd() fails.

8. Existing "a.txt" file in the destination directory. Trying with "./a.txt", both "read" and "execute" flags along the path, and write permissions to the destination directory:

No error message. File gets overwritten correctly. getcwd() returns "/apache/htdocs/bwiberg/test/safemode".


From a getcwd() perspective (the scope of this particular bug report), tests number 1, 2, 3, 5 and 7 fail although they perhaps shouldn't.

So, it appears that HAVE_BROKEN_GETCWD does not solve the "problems" on AIX (with the current code for HAVE_BROKEN_GETCWD). Hence, the proposed change to acinclude.m4 is currently not needed.

Any ideas on how to go from here? Or should we accept that getcwd() should fail under these circumstances?

Thanks in advance!

Best regards,
Bj?rn
 [2005-08-30 12:44 UTC] sniper@php.net
We just accept it. As long as we don't have IBM sponsoring us AIX machines to test with I won't fix these issues.

 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Jul 08 02:01:27 2020 UTC