|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60081 /bin/sh hardcoded in proc_open.c
Submitted: 2011-10-17 21:42 UTC Modified: 2012-05-24 23:46 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: zburlindibus at gmail dot com Assigned:
Status: Not a bug Package: *Configuration Issues
PHP Version: 5.3.8 OS: ARM cross-compile
Private report: No CVE-ID: None
 [2011-10-17 21:42 UTC] zburlindibus at gmail dot com
I've managed to cross-compile PHP 5.3.8 for ARM platforms (to be run on rooted Android phones).

The trouble is that when you execute a system('pwd'), the command doesn't print any output (and it doesn't execute pwd).

A strace indicates that PHP tries to execute /bin/sh -c pwd in fact.

However, on Android phones, /bin/sh doesn't exist (like in Linux distros), but in fact the path is /system/bin/sh.

Mounting / as read-write and creating /bin/sh to point to /system/bin/sh is more difficult than allowing a configuration key/value pair to point to the executable itself. 
Or use the SHELL environment variables ?

It should not be hardcoded (I found this only using strace - there's no error message in case the command fails because /bin/sh is not found) - or at least, it should use the SHELL environment variable in case /bin/sh doesn't exist).

Expected result:
I expect system('pwd') to work.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-12-05 21:20 UTC] zburlindibus at gmail dot com
After further investigation, it seems that the proc_open.c code is not actually called in case of system(...) / exec(...).

PHP apparently delegates to libc::system(...) call to do the PHP system / exec calls. However, libc standard is to assume /bin/sh as shell - and thus, it has it hardcoded.

I have changed the sourcecode of uClibc to use /system/bin/sh, statically linked PHP against it, and not it works.

I guess this bug can be closed - but I'd like to know what proc_open.c does in fact (since /bin/sh is hardcoded there too).
 [2012-05-24 23:46 UTC]
-Status: Open +Status: Not a bug
 [2012-05-24 23:46 UTC]
Thanks for checking it.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 18:01:30 2024 UTC