Bug #58942 call to setproctitle modifies PATH used for system() and exec()
Submitted: 2009-11-10 05:05 UTC
Modified: 2017-10-24 23:23 UTC
From: pop3 at flachtaucher dot de
Assigned:
Status: Suspended
Package: proctitle (PECL)
PHP Version: 5.3.0
OS: Linux
Private report: No
CVE-ID: None
 [2009-11-10 05:05 UTC] pop3 at flachtaucher dot de
Description:
------------
On CentOS 5.3 64-bit a call to setproctitle will modify my $PATH variable that is used for exec() or system().


Reproduce code:
---------------
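<?php
// Show PATH as seen by a child shell before the title change.
echo "Path before call: ";
system('echo $PATH');
// setproctitle() comes from the PECL proctitle extension.
setproctitle('hello world');
// Show PATH again; it should be unchanged.
echo "Path after call: ";
system('echo $PATH');
?>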


Expected result:
----------------
Output after "Path before call:" matches that of "Path after call:"

Actual result:
--------------
Paths do NOT match. Therefore path was modified by this module.

 [2009-11-10 05:07 UTC] pop3 at flachtaucher dot de
This is the output if I run the supplied script:

# php ./t.php
Path before call: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin

Path after call: /usr/local/bin:/bin:/usr/bin
#

(Yes, I am running this as root)
 [2009-11-10 09:09 UTC] magicaltux@php.net
This is more a feature than a bug, the process' title needing some place to be written to.

New version of proctitle I'm working on will have by default a limit (based on the process name), and an ini flag allowing (or disallowing) overwrite of environment vars.

Also, constants will be provided to get the max number of chars that can be inserted in both cases.
 [2009-11-21 00:54 UTC] pop3 at flachtaucher dot de
Thanks for your reply and for putting this module together in the 1st place. Maybe you can document this behaviour in the meantime? This came totally unexpected to me and documenting might save some bug-hunting time for users of this extension :-)
 [2010-05-21 23:33 UTC] magicaltux@php.net
After some research two things will be added:

- A constant called "PROCTITLE_SAFE_LEN" containing maximum "safe" length (the length at which the environ isn't overwritten)
- An unsetproctitle() function to restore things to what they are supposed to be, and have everything work again as it should

Of course people using BSD are not affected by this bug. The define will just contain max length as defined by BSD.
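
The mechanism discussed in this thread, as an added example that is not part of the bug report or the proctitle source: on Linux the argv strings and the environment strings sit back-to-back in memory, so a title written in place and longer than the argv area runs into the environment. The helper names and the packed sample buffer are assumptions made for illustration; the code computes the "safe" length and shows that copying the environment out first keeps PATH intact.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Illustration only (not proctitle code). Constructed layout: argv, then environment. */
static const char layout[] = "php\0./t.php\0PATH=/usr/local/sbin:/bin\0HOME=/root";

/* Largest title that fits in the contiguous argv strings (terminating NUL excluded). */
size_t safe_title_len(char **argv) {
    char *end = argv[0];
    for (int i = 0; argv[i] != NULL && argv[i] == end; i++)
        end = argv[i] + strlen(argv[i]) + 1;
    return (size_t)(end - argv[0]) - 1;
}

/* Repoint envp at heap copies so the original area may be overwritten. */
int detach_environment(char **envp) {
    for (int i = 0; envp[i] != NULL; i++) {
        size_t n = strlen(envp[i]) + 1;
        char *copy = malloc(n);
        if (copy == NULL) return -1;
        envp[i] = memcpy(copy, envp[i], n);
    }
    return 0;
}

/* Overwrite the argv area in place, truncating the title to `limit` bytes. */
void write_title(char **argv, const char *title, size_t limit) {
    size_t n = strlen(title) < limit ? strlen(title) : limit;
    memcpy(argv[0], title, n);
    argv[0][n] = '\0';
}

/* Returns 1 if PATH is intact after writing a 32-byte title with this limit. */
int path_survives(size_t limit, int detach) {
    char region[sizeof layout];
    memcpy(region, layout, sizeof layout);
    char *argv[] = { region, region + 4, NULL };
    char *envp[] = { region + 12, region + 38, NULL };
    if (detach && detach_environment(envp) != 0) return 0;
    write_title(argv, "worker: processing queue item 42", limit);
    int ok = strcmp(envp[0], "PATH=/usr/local/sbin:/bin") == 0;
    if (detach) { free(envp[0]); free(envp[1]); }
    return ok;
}

int main(int argc, char **argv) {
    printf("argc=%d safe=%zu; PATH intact at limit 11 / 48 / 48 after detach: %d/%d/%d\n",
           argc, safe_title_len(argv), path_survives(11, 0), path_survives(48, 0), path_survives(48, 1));
    return 0;
}
```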
 [2011-04-28 07:03 UTC] bjori@php.net
magicaltux what is the status on this?
 [2017-10-24 06:43 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: magicaltux +Assigned To:
 [2017-10-24 23:23 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-10-24 23:23 UTC] kalle@php.net
The proctitle package has not had a release since 2012 and no development since; it's safe to say that this package is no longer maintained. If development picks back up then this report should be re-opened.
 