Bug #40425 php_getuid() always return 1.
Submitted: 2007-02-10 00:44 UTC Modified: 2007-03-21 01:00 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: priappub at yahoo dot fr Assigned:
Status: No Feedback Package: Safe Mode/open_basedir
PHP Version: 5.2.1 OS: Solaris 10
Private report: No CVE-ID: None

 [2007-02-10 00:44 UTC] priappub at yahoo dot fr
Description:
------------
On solaris 10 (update 3) on sparc with PHP 5.1.6 or 5.1.2, 
safe mode doesn't work.  I have the message:
SAFE MODE Restriction in effect. The script whose uid/gid 
is 1/10076 is not allowed to access /sites/toto.php owned 
by uid/gid 10076/1000 in Unknown on line 0

The script and the directory have the same UID/GID. It 
seems like in safe_mode.c, php_getuid() always returns 1 
and php_getgid() returns the UID.

NB: same bug as http://bugs.php.net/bug.php?id=7744 or 
http://bugs.php.net/bug.php?id=18500 (they are old and for 
PHP4)


 [2007-02-10 00:52 UTC] tony2001@php.net
Cannot reproduce. Please provide an account on this machine.
 [2007-02-10 01:35 UTC] priappub at yahoo dot fr
Unfortunately, this machine is on a private network.

It's a Solaris 10 update 3 with Apache 2.0.58 included in 
Solaris. PHP is 5.2.1 compiled with:

CFLAGS='-I/usr/sfw/src/mysql/include' \
CC='cc' \
'./configure' \
'--with-apxs2=/usr/apache2/bin/apxs' \
'--with-mysql=/usr/sfw' \
'--enable-dbase' \
'--with-ldap' \
'--enable-ftp' \
'--with-bzip2' \
'--with-openssl=/usr/sfw' \
'--with-jepg' \
'--with-png' \
'--with-zlib' \
'--with-imap' \
'--enable-fastcgi' \
'--enable-mbstring' \
'--with-config-file-path=/etc/apache2' \
'--without-iconv' \
'--with-gettext' \
'--enable-magic-quotes' \
'--enable-safe-mode' \
'--prefix=/usr' \
'--exec-prefix=/usr' \
'--sysconfdir=/etc' \
'--localstatedir=/var' \

I'm using Sun Studio 11 but same result with GCC. I don't 
know if the problem is on x86 too, I have only solaris with 
sparc.

NB: bug 12683 suggests a problem with mod_perl but no 
mod_perl here.
 [2007-02-11 09:34 UTC] tony2001@php.net
Then we will have to wait for someone with Solaris 10 to reproduce and fix it.
 [2007-03-06 12:07 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2007-03-07 10:13 UTC] priappub at yahoo dot fr
Same problem with the snapshot. But it seems that the problem is the 
apache provided by SUN because if I compile apache from the source, 
safe_mode is OK.
 [2007-03-07 10:19 UTC] tony2001@php.net
What's the difference between Sun Apache and the one compiled from sources?
 [2007-03-08 22:32 UTC] priappub at yahoo dot fr
For the difference, I don't know... I have this:

[root@Romulus ~]# /usr/apache2/bin/httpd -V
Server version: Apache/2.0.58
Server built:   Sep  5 2006 07:46:49
Server's Module Magic Number: 20020903:12
Server loaded:  APR 0.9.12, APR-UTIL 0.9.12
Compiled using: APR 0.9.12, APR-UTIL 0.9.12
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FCNTL_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/apache2"
 -D SUEXEC_BIN="/usr/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
 [2007-03-09 10:40 UTC] tony2001@php.net
And the same for Sun apache, please.
 [2007-03-09 16:09 UTC] priappub at yahoo dot fr
This is the httpd -V from apache provided by SUN.
 [2007-03-09 23:37 UTC] tony2001@php.net
Well, then provide the one from the self-compiled apache.
 [2007-03-10 20:32 UTC] priappub at yahoo dot fr
The self-compiled apache:

[root@Romulus bin]# ./httpd -V
Server version: Apache/2.0.59
Server built:   Feb 22 2007 00:29:21
Server's Module Magic Number: 20020903:12
Server loaded:  APR 0.9.12, APR-UTIL 0.9.12
Compiled using: APR 0.9.12, APR-UTIL 0.9.12
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FCNTL_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/apache2"
 -D SUEXEC_BIN="/usr/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="/var/logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
 [2007-03-12 09:42 UTC] tony2001@php.net
Two different apaches in one server root?
How did you manage to do that?
 [2007-03-13 20:35 UTC] priappub at yahoo dot fr
The 2 versions are not working at the same time.
 [2007-03-13 20:42 UTC] tony2001@php.net
Sure, but they can't be in the same directory at the same time.
 [2007-03-21 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-07-23 16:59 UTC] bugs at nazarenko dot net
I can confirm a very similar bug on Solaris 10 SPARC Update 3 with the latest php5.2-200707231430 snapshot.

Here is the testing script /tmp/test.php:

<?php
echo "safe = " . (ini_get('safe_mode') ? "On" : "Off") . "\n";
echo "uid = " . getmyuid() . "\n";
echo "gid = " . getmygid() . "\n";
echo file_get_contents('/etc/passwd');
?>

I have performed these commands in PHP source directory (as root):

cd /tmp/php5.2-200707231430
./configure --disable-all --disable-cgi --enable-safe-mode
make

I login with a user account (uid:gid 2010:605) 
cd /tmp/php5.2-200707231430/sapi/cli
./php test.php

The output is the following:

safe = On
uid = 0
gid = 1004
 ........ and then the contents of the '/etc/passwd' file.

Actually it does not matter which user is executing this script. It always returns uid:gid as 0:1004 (even for a root user). It also does not matter whether 'Safe Mode' is On or Off.  This makes 'Safe Mode' practically useless on the machine, as all the scripts run with root's uid.

At first I thought that the gid 1004 is coming out of the blue, because I do not have any groups with such id. Then I saw that the files in PHP source tarball as well as the compiled binary in 'sapi/cli' directory have uid:gid 1004:1004. So it would be logical to assume that all of that is somehow related. I tried to change the uid:gid of the compiled binary but it did not change the behaviour. I guess something goes wrong during the compilation phase.

I cannot provide access to this machine at the moment, but I could arrange it if it really was required. Otherwise I am happy to do any other additional testing that could be useful.
 [2007-07-30 16:46 UTC] bugs at nazarenko dot net
There is no reaction for a week now... As I am not the original submitter of the bug I cannot change its status to 'Open'.
Is anybody following this up or should I open a new bug for this issue?
 [2007-08-01 18:32 UTC] bugs at nazarenko dot net
Since there was no feedback here I was about to open a new bug for this issue. I decided to test again with the latest php5.2-200708011630 snapshot and now it seems to work fine!

Well sort of... The CLI script I use for testing above takes the UID and GID of the script file and not of the user who launches the script.

Has this bug been really addressed?
Is this the intended "correct" behaviour?
Could anybody please officially comment on this?
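
The ownership comparison this thread revolves around, as an added example that is not part of the original report and is not PHP's own code: a small C model of a safe-mode-style check that attributes a uid:gid to a script and compares it with the owner of the file being opened. The function names are hypothetical, and taking the identity from the script file's owner with a fallback to the process ids is an assumption of this model; the relaxed group comparison is modelled on the `safe_mode_gid` setting.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Core comparison: allow when the file owner equals the uid attributed to
 * the script, or (relaxed mode, cf. safe_mode_gid) when the groups match. */
int owner_allows(uid_t script_uid, gid_t script_gid,
                 uid_t file_uid, gid_t file_gid, int gid_mode)
{
    if (file_uid == script_uid)
        return 1;
    return gid_mode && file_gid == script_gid;
}

/* Identity taken from the script file's owner; falls back to the process
 * ids when there is no file to stat. Returns 1 if the file was used. */
int script_identity(const char *script, uid_t *uid, gid_t *gid)
{
    struct stat st;
    if (script != NULL && stat(script, &st) == 0) {
        *uid = st.st_uid;
        *gid = st.st_gid;
        return 1;
    }
    *uid = getuid();
    *gid = getgid();
    return 0;
}

/* 1 = allowed, 0 = denied, -1 = target cannot be stat()ed. */
int check_access(const char *script, const char *target, int gid_mode)
{
    uid_t uid; gid_t gid;
    struct stat st;
    if (stat(target, &st) != 0)
        return -1;
    script_identity(script, &uid, &gid);
    return owner_allows(uid, gid, st.st_uid, st.st_gid, gid_mode);
}

int main(int argc, char **argv)
{
    uid_t uid; gid_t gid;
    if (argc < 3) { fprintf(stderr, "usage: %s script target\n", argv[0]); return 2; }
    int from_file = script_identity(argv[1], &uid, &gid);
    printf("process uid:gid %ld:%ld\n", (long)getuid(), (long)getgid());
    printf("script  uid:gid %ld:%ld (%s)\n", (long)uid, (long)gid, from_file ? "file owner" : "process fallback");
    printf("access to %s: %d\n", argv[2], check_access(argv[1], argv[2], 0));
    return 0;
}
```

With the values from the first report, a script identity of 1/10076 against a file owned by 10076/1000 is denied in both modes, while a script identity misreported as uid 0 matches any root-owned file, which is consistent with /etc/passwd being readable in the later test.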
 
Last updated: Mon Dec 17 03:01:26 2018 UTC