php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59908 memtrack breaks suhosin
Submitted: 2011-08-21 11:25 UTC Modified: 2011-09-27 07:10 UTC
From: spam2 at rhsoft dot net Assigned:
Status: Closed Package: memtrack (PECL)
PHP Version: 5.3.6 OS:
Private report: No CVE-ID: None
 [2011-08-21 11:25 UTC] spam2 at rhsoft dot net
Description:
------------
"memtrack.so" breaks "suhosin.executor.func.blacklist"
this is very bad because hard to notice and any analyzing should never silently disable security-options

"suhosin.executor.func.blacklist" is hardly needed because "disable_functions" is too stupid to work per-directory and disable security-relevant functions serverwide is not everytime practicable
______________

the following config is as example needed to disallow critical functions where "fopen" needs a exception but must not executed by any eval'd code

suhosin.executor.func.blacklist = "exec, passthru, shell_exec, system, proc_open, proc_close, proc_nice, proc_terminate, proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, mail, symlink"

suhosin.executor.eval.blacklist = "popen, pclose, exec, passthru, shell_exec, system, proc_open, proc_close, proc_nice, proc_terminate, proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, mail, symlink"

Reproduce code:
---------------
any code calling a function in "suhosin.executor.func.blacklist" or "suhosin.executor.eval.blacklist"

Expected result:
----------------
do not break suhosin

Actual result:
--------------
suhosin is broken

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-14 14:01 UTC] at php dot net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PECL.


Since I don't use Suhosin, I don't have "any code calling a  function in "suhosin.executor.func.blacklist" and I barely understand what you're talking about.
Please be so nice and provide a real example configuration and code (not more than 10 lines plz).
 [2011-09-14 14:26 UTC] spam2 at rhsoft dot net
suhosin.executor.eval.blacklist = "popen, pclose, exec, passthru, shell_exec, system, proc_open, proc_close, proc_nice, proc_terminate, proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, mail, symlink"

<?php passthru('/bin/ls'); ?>

it will be executed as long memtrack is loaded

the hughe difference between "suhosin.executor.eval.blacklist" and "disable_functions" is that the suhosin-option works inside <Directory> and the dumb builin-one only writes the values in phpinfo()-ouput but will never block a function
 [2011-09-27 07:10 UTC] tony at daylessday dot org
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Fixed and release version 0.2.1
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Feb 18 14:01:25 2019 UTC