php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #74771 opcache.validate_root don't work in chrooted environment with multiple filesys
Submitted: 2017-06-17 12:54 UTC Modified: 2017-06-19 21:28 UTC
From: jb dot verdeil at gmail dot com Assigned: dmitry (profile)
Status: Assigned Package: opcache
PHP Version: 5.6.30 OS: debian 8.7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jb dot verdeil at gmail dot com
New email:
PHP Version: OS:

 

 [2017-06-17 12:54 UTC] jb dot verdeil at gmail dot com
Description:
------------
If we have multiples sites on server in chrooted php-fpm pools with opcache activated.
Let's say /var/www/{site1,site2,site3,site4}
Each site contains public_html/index.php, chroot=/var/www/siteX and chdir=/public_html
site1 and site2 are mount points on their own virtual filesystem while the others are on the main filesystem.
So in this case site1 and site2 have the same index.php because of cache, while site3 and site4 get their own one.

So it seems there is a bug on opcache.validate_root when multiple filesystem are used.

Opcache configuration :

; configuration for php ZendOpcache module
; priority=05
zend_extension=opcache.so
opcache.enable=1
opcache.memory_consumption=228
opcache.interned_strings_buffer=20
opcache.max_accelerated_files=130987
opcache.use_cwd=1
opcache.validate_timestamps=0
opcache.revalidate_freq=0
opcache.revalidate_path=1
opcache.save_comments=0
opcache.load_comments=0
opcache.fast_shutdown=1
opcache.enable_file_override=0
opcache.max_file_size=0
opcache.restrict_api="/public_html/hole/nerver.php"
opcache.validate_permission=1
opcache.validate_root=1
opcache.log_verbosity_level=4


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-19 21:28 UTC] stas@php.net
-Assigned To: +Assigned To: dmitry
 [2017-06-19 21:28 UTC] stas@php.net
Don't see a reason why this should be private, assigning to OpCache maintainer.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC