php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #53263 Allow realpath cache to function even with open_basedir enabled
Submitted: 2010-11-08 14:17 UTC Modified: 2019-11-14 15:34 UTC
Votes:29
Avg. Score:3.6 ± 1.0
Reproduced:10 of 15 (66.7%)
Same Version:0 (0.0%)
Same OS:6 (60.0%)
From: tomsommer@php.net Assigned:
Status: Wont fix Package: Safe Mode/open_basedir
PHP Version: 5.3.3 OS: *
Private report: No CVE-ID: None
View Developer Edit
 [2010-11-08 14:17 UTC] tomsommer@php.net 
Description:
------------
As described in bug #52312 - realpath cache is disabled when open_basedir is enabled. Would it be possible to either:

1) Fix the security problem related to having both enabled at the same time
2) Add a php.ini or ./configure toggle to enable both at the same time, overriding the security aspect in order to gain performance.

Thanks

Patches

asdf (last revision 2023-03-13 17:08 UTC by jose dot lainez at se dot gob dot hn)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-08 17:44 UTC] rasmus@php.net 
I don't think the security problem is fixable.  We have no way to prevent the contents behind a cache entry from changing which is the root of the security problem.  And I don't see the point in open_basedir if you remove the security aspect.  The less secure toggle is to simply turn off open_basedir.  An open_basedir feature that doesn't actually guarantee that users can't open files outside of the specified base directory isn't useful.
 [2019-11-14 11:38 UTC] michael dot vorisek at email dot cz 
Is the cache issue related only when the PHP process is resused for multiple requests with different open_basedir values?

If yes, an extra switch makes 100% sense. The security is 100% kept and realpath cache will be available which makes up too 10x the performace on Windows with file heavy scripts.
 [2019-11-14 15:34 UTC] requinix@php.net
-Status: Open +Status: Wont fix
 [2019-11-14 15:34 UTC] requinix@php.net 
@michael: It applies to one request as well as it does multiple requests. One script could, during its lifetime, create and resolve a symlink to a path within open_basedir, then redirect that symlink to a path outside it.

In the interests of having one fewer open tickets regarding open_basedir performance, and since #52312 is still open, I'm going to wontfix this per @rasmus's comment.
 [2019-11-14 15:38 UTC] retertertert at fgfgfg dot com 
> One script could, during its lifetime, create and 
> resolve a symlink to a path within open_basedir, 
> then redirect that symlink to a path outside it

i wonder how it will do that with disable_functions="symlink" which is global and known at startup and with all exec&freinds also in disbale_functions
 [2019-11-14 15:42 UTC] retertertert at fgfgfg dot com 
and if you don't want to implement that check give sensile people which know their environment a ini-option instead disable the realpath cache *hardcoded* based on another ini-option with no chance to say "dear php runtime: look i disabled the race-condition with symlinks and hence the cache is fine, use it"

or fix symlink() to now allow "then redirect that symlink to a path outside it" which would close the issue where it happens instead work around it
 [2020-09-01 10:59 UTC] fuco809 at gmail dot com 
https://github.com/Whissi/realpath_turbo

why such a soltion can not be integrated as option in php core?
 [2023-03-13 17:08 UTC] jose dot lainez at se dot gob dot hn 
The following patch has been added/updated:

Patch Name: asdf
Revision:   1678727334
URL:        https://bugs.php.net/patch-display.php?bug=53263&patch=asdf&revision=1678727334
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 22 02:01:28 2024 UTC