php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58942 call to setproctitle modifies PATH used for system() and exec()
Submitted: 2009-11-10 05:05 UTC Modified: 2017-10-24 23:23 UTC
From: pop3 at flachtaucher dot de Assigned:
Status: Suspended Package: proctitle (PECL)
PHP Version: 5.3.0 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-11-10 05:05 UTC] pop3 at flachtaucher dot de
Description:
------------
On Centos 5.3 64-bit a call to setproctitle will modify my $PATH variable that is used for exec() or system().


Reproduce code:
---------------
<?php
echo "Path before call: ";
system('echo $PATH')."\n";
setproctitle('hello world');
echo "Path after call: ";
system('echo $PATH')."\n";
?>


Expected result:
----------------
Output after "Path before call:" matches that of "Path after call:"

Actual result:
--------------
Paths do NOT match. Therefore path was modified by this module.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-10 05:07 UTC] pop3 at flachtaucher dot de
This is the output if I run the supplied script:

# php ./t.php
Path before call: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin

Path after call: /usr/local/bin:/bin:/usr/bin
#

(Yes, I am running this as root)
 [2009-11-10 09:09 UTC] magicaltux@php.net
This is more a feature than a bug, the process' title needing some place to be written to.

New version of proctitle I'm working on will have by default a limit (based on the process name), and an ini flag allowing (or disallowing) overwrite of environnement vars.

Also, constants will be provided to get the max number of chars that can be inserted in both cases.
 [2009-11-21 00:54 UTC] pop3 at flachtaucher dot de
Thanks for your reply and for putting this module together in the 1st place. Maybe you can document this behaviour in the meantime? This came totally unexpected to me and documenting might save some bug-hunting time for users of this extension :-)
 [2010-05-21 23:33 UTC] magicaltux@php.net
After some research two things will be added:

- A constant called "PROCTITLE_SAFE_LEN" containing maximum 
"safe" length (the length at which the environ isn't 
overwritten)
- A unsetproctitle() function to restore things to what they 
are supposed to are, and have everything work again as it 
should

Of course people using BSD are not affected by this bug. The 
define will just contain max length as defined by BSD.
 [2011-04-28 07:03 UTC] bjori@php.net
magicaltux what is the status on this?
 [2017-10-24 06:43 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: magicaltux +Assigned To:
 [2017-10-24 23:23 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-10-24 23:23 UTC] kalle@php.net
The proctitle package have not had a release since 2012 and no development since, its safe to say that this package is no longer maintained, if development picks back up then this report should be re-opened
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Feb 21 09:01:26 2019 UTC