php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77656 proc_open() ignores invalid cwd argument
Submitted: 2019-02-22 22:41 UTC Modified: 2019-03-18 13:38 UTC
From: php at yghe dot net Assigned:
Status: Open Package: Program Execution
PHP Version: 7.3.2 OS: Mac OS X 10.14.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-02-22 22:41 UTC] php at yghe dot net 
Description:
------------
If the "$cwd" argument to "proc_open()" is invalid, the problem is ignored and execution continues (usually, with the wrong working directory).

In "proc_open.c", near line 835, the return value of "chdir()" is explicitly ignored:

https://github.com/php/php-src/commit/a5eeecb13f8683eaadb137aee33ac2dd292bf1fc#diff-19f692ed5f75687fc7bc1929910e540f

Test script:
---------------
<?php

$spec = array(
  0 => array('pipe', 'r'),
  1 => array('pipe', 'w'),
  2 => array('pipe', 'w')
);
$pipes = array();
$proc = proc_open(
  'pwd',
  $spec,
  $pipes,
  'asldknfaeqwglknewqklnwnrfl'); // <<< Any Invalid Directory

var_dump($proc);
var_dump(stream_get_contents($pipes[1]));
var_dump(proc_get_status($proc));


Expected result:
----------------
"proc_open()" fails to open a subprocess and returns `false` if the "$cwd" argument is provided but not valid.

Actual result:
--------------
"proc_open()" continues in the presence of an invalid "$cwd", likely executing the subprocess in the wrong working directory.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-03-18 10:57 UTC] nikic@php.net 
From a quick look, the problem here is that chdir() is called after forking, at which point we can no longer influence whether proc_open in the parent process succeeds or not.
 [2019-03-18 13:38 UTC] php at yghe dot net 
Yes, you're correct. A better "expected result" is perhaps:

The subprocess exits immediately with an error code after "chdir()" fails, instead of executing in the wrong working directory.

Before this, optionally, "proc_open()" might make some attempt to validate the directory and fail early with a more specific error message if "chdir()" seems unlikely to succeed (for example, because the working directory does not exist). However, this might be a difficult test to perform in the general case -- perhaps there are cases under, say, SELinux, where the parent process may be unable to see or access the directory but the child can.
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Sat Dec 09 21:01:28 2023 UTC