php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71223 Unix socket permissions are not always correct
Submitted: 2015-12-26 01:16 UTC Modified: 2017-01-09 05:43 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: gmoniker at gmail dot com Assigned:
Status: Wont fix Package: FPM related
PHP Version: 5.6.16 OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-12-26 01:16 UTC] gmoniker at gmail dot com
Description:
------------
The listen.mode setting of a worker pool allows to set the basic Unix permission bits. If you set it to 440 it should have rw-rw---- for example.

The way it is set up in fpm_unix.c is to set an inverted umask and then create the socket with that umask.

This works on filesystems with only basic permissions. However if you install on a filesystem with Posix ACL, then the default mask for the parent directory may interfere with this, and the socket file gets the wrong permission bits, possibly missing a necessary write permission.


Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-26 01:18 UTC] gmoniker at gmail dot com
Where I say 440 in the bug report it should be 660 obviously.
 [2015-12-26 01:40 UTC] gmoniker at gmail dot com
Pull request made for 5.6.17:
 Explicitly set the Unix socket permission bits #1697
 [2017-01-09 05:43 UTC] krakjoe@php.net
-Status: Open +Status: Wont fix
 [2017-01-09 05:43 UTC] krakjoe@php.net
The pull request on github was closed because 5.6 is in security fix only release cycle.

Please open a clean PR against a supported branch.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC