php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77656 proc_open() ignores invalid cwd argument
Submitted: 2019-02-22 22:41 UTC Modified: 2019-03-18 13:38 UTC
From: php at yghe dot net Assigned:
Status: Open Package: Program Execution
PHP Version: 7.3.2 OS: Mac OS X 10.14.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php at yghe dot net
New email:
PHP Version: OS:

 

 [2019-02-22 22:41 UTC] php at yghe dot net 
Description:
------------
If the "$cwd" argument to "proc_open()" is invalid, the problem is ignored and execution continues (usually, with the wrong working directory).

In "proc_open.c", near line 835, the return value of "chdir()" is explicitly ignored:

https://github.com/php/php-src/commit/a5eeecb13f8683eaadb137aee33ac2dd292bf1fc#diff-19f692ed5f75687fc7bc1929910e540f

Test script:
---------------
<?php

$spec = array(
  0 => array('pipe', 'r'),
  1 => array('pipe', 'w'),
  2 => array('pipe', 'w')
);
$pipes = array();
$proc = proc_open(
  'pwd',
  $spec,
  $pipes,
  'asldknfaeqwglknewqklnwnrfl'); // <<< Any Invalid Directory

var_dump($proc);
var_dump(stream_get_contents($pipes[1]));
var_dump(proc_get_status($proc));


Expected result:
----------------
"proc_open()" fails to open a subprocess and returns `false` if the "$cwd" argument is provided but not valid.

Actual result:
--------------
"proc_open()" continues in the presence of an invalid "$cwd", likely executing the subprocess in the wrong working directory.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-03-18 10:57 UTC] nikic@php.net 
From a quick look, the problem here is that chdir() is called after forking, at which point we can no longer influence whether proc_open in the parent process succeeds or not.
 [2019-03-18 13:38 UTC] php at yghe dot net 
Yes, you're correct. A better "expected result" is perhaps:

The subprocess exits immediately with an error code after "chdir()" fails, instead of executing in the wrong working directory.

Before this, optionally, "proc_open()" might make some attempt to validate the directory and fail early with a more specific error message if "chdir()" seems unlikely to succeed (for example, because the working directory does not exist). However, this might be a difficult test to perform in the general case -- perhaps there are cases under, say, SELinux, where the parent process may be unable to see or access the directory but the child can.
 [2024-01-12 16:32 UTC] daniellisa320 at gmail dot com 
Certainly! It seems like you're asking for feedback or information about a bug, and you've requested a response including the keyword "." However, you haven't provided specific details about the bug or the context. Please provide more information about the bug, the platform you're referring to, and any relevant details for me to address your request accurately.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 02:01:29 2024 UTC