php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63746 FPM incompatible with runkit sandbox
Submitted: 2012-12-11 22:32 UTC Modified: 2016-08-03 19:39 UTC
Votes:3
Avg. Score:3.0 ± 1.6
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: tranelson at x dot com Assigned: cmb (profile)
Status: Closed Package: FPM related
PHP Version: 5.4.9 OS: Linux
Private report: No CVE-ID: None
 [2012-12-11 22:32 UTC] tranelson at x dot com
Description:
------------
Using Runkit Sandbox inside PHP-FPM causes FPM to crash.  

Please see the following for a description and GDB trace:

https://github.com/zenovich/runkit/issues/44

I thought this might have been a runkit issue, but in the stack trace, runkit is just shutting down the child interpreter, which calls back to FPM.  FPM is assuming that there is a request for this interpreter, which doesn't hold true in this scenario.   

I've made a fix that works for me.  It is attached below.

Test script:
---------------
   $options = array(
            'safe_mode'=>false,
            'open_basedir'=>'',
            'allow_url_fopen'=>'true',
            'disable_functions'=>'exec,shell_exec,passthru,system',
            'disable_classes'=>'myAppClass');
            
            $sandbox = new Runkit_Sandbox($options);
            $sandbox->eval('echo "hello from sandbox\n";');
            $hello = "hello world from parent";
            echo $hello;


Expected result:
----------------
Hello from sandbox

Actual result:
--------------
Crash.  
#0 fcgi_finish_request (req=0x0, force_close=0)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fastcgi.c:1040
#1 0x08440032 in sapi_cgi_deactivate (tsrm_ls=)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:843
#2 sapi_cgi_deactivate (tsrm_ls=0xa6adaf8)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:832
#3 0x0831eaf4 in sapi_deactivate (tsrm_ls=0xa6adaf8)
at /home/tranelson/php-5.4.8/main/SAPI.c:529
#4 0x08315f3c in php_request_shutdown (dummy=0xa6adaf8)
at /home/tranelson/php-5.4.8/main/main.c:1799
#5 0xb68241fb in php_runkit_sandbox_dtor (objval=0xb6a76548,
tsrm_ls=0xa51a070)
at /home/tranelson/runkit/runkit-master/runkit_sandbox.c:1838
#6 0x083ab42c in zend_objects_store_del_ref_by_handle_ex (handle=1,
handlers=0xb68307a0, tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_objects_API.c:220
#7 0x083ab466 in zend_objects_store_del_ref (zobject=0xb6a7652c,
tsrm_ls=0xa51a070) at /home/tranelson/php-5.4.8/Zend/zend_objects_API.c:172
#8 0x08380581 in _zval_dtor_func (zvalue=0xb6a7652c)
at /home/tranelson/php-5.4.8/Zend/zend_variables.c:52
#9 0x08371768 in _zval_dtor (zvalue=)
at /home/tranelson/php-5.4.8/Zend/zend_variables.h:35
#10 _zval_ptr_dtor (zval_ptr=0xb6a766ec)
---Type to continue, or q to quit---
at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:438
#11 _zval_ptr_dtor (zval_ptr=0xb6a766ec)
at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:427
#12 0x0838f055 in zend_hash_apply_deleter (ht=0xa51bb88, p=0xb6a766e0)
at /home/tranelson/php-5.4.8/Zend/zend_hash.c:650
#13 0x083908e1 in zend_hash_reverse_apply (ht=0xa51bb88,
apply_func=0x8371590 , tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_hash.c:804
#14 0x08371c1e in shutdown_destructors (tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend_execute_API.c:217
#15 0x08382098 in zend_call_destructors (tsrm_ls=0xa51a070)
at /home/tranelson/php-5.4.8/Zend/zend.c:922
#16 0x08315fc4 in php_request_shutdown (dummy=0x0)
at /home/tranelson/php-5.4.8/main/main.c:1732
#17 0x0806efc2 in main (argc=1, argv=0xbfac87a4)
at /home/tranelson/php-5.4.8/sapi/fpm/fpm/fpm_main.c:1948

Patches

Runkit_FPM (last revision 2012-12-11 22:33 UTC by tranelson at x dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-12-14 22:43 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: fat
 [2016-08-03 19:39 UTC] cmb@php.net
-Status: Assigned +Status: Closed -Assigned To: fat +Assigned To: cmb
 [2016-08-03 19:39 UTC] cmb@php.net
> Fixed in https://github.com/zenovich/runkit/issues/44

As it's fixed, we can close this ticket.
 [2016-08-03 19:39 UTC] cmb@php.net
-Summary: FPM incompatible with runkit sanbox +Summary: FPM incompatible with runkit sandbox
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Jul 03 18:03:33 2022 UTC