php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43594 leaked file descriptor from PHP
Submitted: 2007-12-14 09:52 UTC Modified: 2008-01-29 21:47 UTC
From: scog28 at hotmail dot com Assigned:
Status: Not a bug Package: Mail related
PHP Version: 5.2.5 OS: FC7
Private report: No CVE-ID: None
 [2007-12-14 09:52 UTC] scog28 at hotmail dot com
Description:
------------
leaked file descriptor from PHP see.

https://bugzilla.redhat.com/show_bug.cgi?id=424001

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.10) 
Gecko/20071128 Fedora/2.0.0.10-2.fc7 Firefox/2.0.0.10

Description of problem:
Summary
    SELinux is preventing the /usr/sbin/sendmail.postfix from using 
potentially
    mislabeled files (/tmp/.apc.541B8K (deleted)).

Detailed Description
    SELinux has denied /usr/sbin/sendmail.postfix access to 
potentially
    mislabeled file(s) (/tmp/.apc.541B8K (deleted)).  This means 
that SELinux
    will not allow /usr/sbin/sendmail.postfix to use these files.  
It is common
    for users to edit files in their home directory or tmp 
directories and then
    move (mv) them to system directories.  The problem is that the 
files end up
    with the wrong file context which confined applications are not 
allowed to
    access.

Allowing Access
    If you want /usr/sbin/sendmail.postfix to access this files, you 
need to
    relabel them using restorecon -v /tmp/.apc.541B8K (deleted).  
You might want
    to relabel the entire directory using restorecon -R -v /tmp.

Additional Information        

Source Context                system_u:system_r:system_mail_t
Target Context                system_u:object_r:httpd_tmp_t
Target Objects                /tmp/.apc.541B8K (deleted) [ file ]
Affected RPM Packages         postfix-2.4.5-2.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-61.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.home_tmp_bad_labels
Host Name                     newage.cosywallet.com
Platform                      Linux newage.cosywallet.com 
2.6.23.8-34.fc7 #1 SMP
                              Thu Nov 22 20:39:56 EST 2007 x86_64 
x86_64
Alert Count                   6
First Seen                    Thu 13 Dec 2007 03:49:17 PM CET
Last Seen                     Thu 13 Dec 2007 04:11:43 PM CET
Local ID                      b54b3f00-c896-46c5-9c5d-60d61da75b70
Line Numbers                  

Raw Audit Messages            

avc: denied { read, write } for comm="sendmail" dev=dm-0 egid=48 
euid=48
exe="/usr/sbin/sendmail.postfix" exit=0 fsgid=48 fsuid=48 gid=48 
items=0
path=2F746D702F2E6170632E35343142384B202864656C6574656429 pid=4430
scontext=system_u:system_r:system_mail_t:s0 sgid=48
subj=system_u:system_r:system_mail_t:s0 suid=48 tclass=file
tcontext=system_u:object_r:httpd_tmp_t:s0 tty=(none) uid=48



Version-Release number of selected component (if applicable):
postfix 2:2.4.5-2.fc7.x86_64 selinux-policy 2.6.4-61.fc7.noarch

How reproducible:
Always


Steps to Reproduce:
1.Create mail from php
2.
3.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-14 15:15 UTC] crrodriguez at suse dot de
Do not file bugs when you have Zend extensions (zend_extension=)
loaded. Examples are Zend Optimizer, Zend Debugger, Turck MM Cache,
APC, Xdebug and ionCube loader.  These extensions often modify engine
behavior which is not related to PHP itself.


You have APC installed.
 [2008-01-29 21:47 UTC] rasmus@php.net
I don't see how this has anything to do with APC, but to make sure, try removing APC and run your test again.

Looking at the code in ext/mail.c we have:

sendmail = popen(sendmail_cmd, "w");

if (sendmail) {
    if (EACCES == errno) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Permission denied: unable to execute shell to run mail delivery binary '%s'", sendmail_path)
;
        pclose(sendmail);
        return 0;
    }
    fprintf(sendmail, "To: %s\n", to);
    fprintf(sendmail, "Subject: %s\n", subject);
    if (headers != NULL) {
        fprintf(sendmail, "%s\n", headers);
    }
    fprintf(sendmail, "\n%s\n", message);
    ret = pclose(sendmail);
    ...

I don't see how you wouldn't reach the pclose there.  If you can reliably reproduce this, gdb it and figure out why the pclose isn't doing its job there.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 13:01:31 2024 UTC