php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #53263 Allow realpath cache to function even with open_basedir enabled
Submitted: 2010-11-08 14:17 UTC Modified: 2019-11-14 15:34 UTC
Votes:27
Avg. Score:3.4 ± 1.0
Reproduced:9 of 14 (64.3%)
Same Version:0 (0.0%)
Same OS:6 (66.7%)
From: tomsommer@php.net Assigned:
Status: Wont fix Package: Safe Mode/open_basedir
PHP Version: 5.3.3 OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-11-08 14:17 UTC] tomsommer@php.net
Description:
------------
As described in bug #52312 - realpath cache is disabled when open_basedir is enabled. Would it be possible to either:

1) Fix the security problem related to having both enabled at the same time
2) Add a php.ini or ./configure toggle to enable both at the same time, overriding the security aspect in order to gain performance.

Thanks


Patches

asdf (last revision 2014-11-07 12:32 UTC by asdf at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-08 17:44 UTC] rasmus@php.net
I don't think the security problem is fixable.  We have no way to prevent the contents behind a cache entry from changing which is the root of the security problem.  And I don't see the point in open_basedir if you remove the security aspect.  The less secure toggle is to simply turn off open_basedir.  An open_basedir feature that doesn't actually guarantee that users can't open files outside of the specified base directory isn't useful.
 [2019-11-14 11:38 UTC] michael dot vorisek at email dot cz
Is the cache issue related only when the PHP process is resused for multiple requests with different open_basedir values?

If yes, an extra switch makes 100% sense. The security is 100% kept and realpath cache will be available which makes up too 10x the performace on Windows with file heavy scripts.
 [2019-11-14 15:34 UTC] requinix@php.net
-Status: Open +Status: Wont fix
 [2019-11-14 15:34 UTC] requinix@php.net
@michael: It applies to one request as well as it does multiple requests. One script could, during its lifetime, create and resolve a symlink to a path within open_basedir, then redirect that symlink to a path outside it.

In the interests of having one fewer open tickets regarding open_basedir performance, and since #52312 is still open, I'm going to wontfix this per @rasmus's comment.
 [2019-11-14 15:38 UTC] retertertert at fgfgfg dot com
> One script could, during its lifetime, create and 
> resolve a symlink to a path within open_basedir, 
> then redirect that symlink to a path outside it

i wonder how it will do that with disable_functions="symlink" which is global and known at startup and with all exec&freinds also in disbale_functions
 [2019-11-14 15:42 UTC] retertertert at fgfgfg dot com
and if you don't want to implement that check give sensile people which know their environment a ini-option instead disable the realpath cache *hardcoded* based on another ini-option with no chance to say "dear php runtime: look i disabled the race-condition with symlinks and hence the cache is fine, use it"

or fix symlink() to now allow "then redirect that symlink to a path outside it" which would close the issue where it happens instead work around it
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Nov 15 21:01:30 2019 UTC