php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #74771 opcache.validate_root don't work in chrooted environment with multiple filesys
Submitted: 2017-06-17 12:54 UTC Modified: 2017-06-19 21:28 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jb dot verdeil at gmail dot com Assigned: dmitry (profile)
Status: Assigned Package: opcache
PHP Version: 5.6.30 OS: debian 8.7
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-06-17 12:54 UTC] jb dot verdeil at gmail dot com
Description:
------------
If we have multiples sites on server in chrooted php-fpm pools with opcache activated.
Let's say /var/www/{site1,site2,site3,site4}
Each site contains public_html/index.php, chroot=/var/www/siteX and chdir=/public_html
site1 and site2 are mount points on their own virtual filesystem while the others are on the main filesystem.
So in this case site1 and site2 have the same index.php because of cache, while site3 and site4 get their own one.

So it seems there is a bug on opcache.validate_root when multiple filesystem are used.

Opcache configuration :

; configuration for php ZendOpcache module
; priority=05
zend_extension=opcache.so
opcache.enable=1
opcache.memory_consumption=228
opcache.interned_strings_buffer=20
opcache.max_accelerated_files=130987
opcache.use_cwd=1
opcache.validate_timestamps=0
opcache.revalidate_freq=0
opcache.revalidate_path=1
opcache.save_comments=0
opcache.load_comments=0
opcache.fast_shutdown=1
opcache.enable_file_override=0
opcache.max_file_size=0
opcache.restrict_api="/public_html/hole/nerver.php"
opcache.validate_permission=1
opcache.validate_root=1
opcache.log_verbosity_level=4


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-19 21:28 UTC] stas@php.net
-Assigned To: +Assigned To: dmitry
 [2017-06-19 21:28 UTC] stas@php.net
Don't see a reason why this should be private, assigning to OpCache maintainer.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 10:01:30 2024 UTC