Doc Bug #80616 posix_initgroups() is conditionally defined
Submitted: 2021-01-11 18:01 UTC Modified: 2021-01-11 18:39 UTC
From: kucherdominikus at yahoo dot de Assigned:
Status: Re-Opened Package: POSIX related
PHP Version: 7.4.14 OS: Fedora release 33 (Thirty Three)
Private report: No CVE-ID: None

 [2021-01-11 18:01 UTC] kucherdominikus at yahoo dot de
Description:
------------
[root@srv-schnapsverein:/data/fileserver/software/dksoftware]$php honeypot1.php 
#PHP Fatal error:  Uncaught Error: Call to undefined function posix_initgroups() in /data/fileserver/software/dksoftware/honeypot1.php:54
Stack trace:
#0 {main}
  thrown in /data/fileserver/software/dksoftware/honeypot1.php on line 54


Test script:
---------------
<?php declare(strict_types=1);
// Dominik Kucher

/******** show all errors *******/
error_reporting(E_ALL);

/*************Socket Server**********/
set_time_limit (0);

/** set the ip and port we will listen on */
$ipaddress = '0.0.0.0';
$port = 119;

/** signal handler to close sockets at SIGUSR1 */
declare(ticks=1000);
pcntl_signal(SIGUSR1, 'hp_sig_handler');

/** create a tcp socket */
if(($sock = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) === false)
{
 exit('socket_create() failed: ' . socket_strerror(socket_last_error()));
}

/** enable capability to listen on 0.0.0.0:25 and at the same time with own instances on specific local addresses */
if(@socket_set_option($sock, SOL_SOCKET, SO_REUSEADDR, 1) === false)
{
 exit('socket_set_option(SO_REUSEADDR) failed: ' . socket_strerror(socket_last_error()));
}
if(@socket_set_option($sock, SOL_SOCKET, SO_REUSEPORT, 1) === false)
{
 exit('socket_set_option(SO_REUSEPORT) failed: ' . socket_strerror(socket_last_error()));
}

/** bind socket */
if(@socket_bind($sock, $ipaddress, $port) === false)
{
 exit('socket_bind() failed: ' . socket_strerror(socket_last_error()));
}

/** start listening */
if(@socket_listen($sock, 100) === false)
{
 exit('socket_listen() failed: ' . socket_strerror(socket_last_error()));
}
/** switch to non-blocking mode to receive signals correctly */
else
{
 socket_set_nonblock($sock);
}

/** drop privileges to 'nobody' */
$nobody_group = 99;
$nobody_user = 99;
if(!posix_initgroups('nobody', $nobody_group) || !posix_setgid($nobody_group) || !posix_setuid($nobody_user))
{
 exit("DROP PRIVILEGES FAILED STAGE 1\n");
}
if(posix_getuid() !== $nobody_user || posix_geteuid() !== $nobody_user || posix_getgid() !== $nobody_group || posix_getegid() !== $nobody_group)
{
 exit("DROP PRIVILEGES FAILED STAGE 2\n");
}

/** fake banners of known vulnerable service */
switch($port)
{
 case 21:   $response = "220 ProFTPD 1.3.1rc2 Server"; break;
 case 22:   $response = "SSH-2.0-Serv-U_7.0.0.2"; break;
 case 23:   $response = "AIX Version 5 (C) Copyrights by IBM and by others 1982,2000."; break;
 case 80:   $response = "HTTP/1.1 200 OK"; break;
 case 110:  $response = "+OK Microsoft Exchange POP3 server version 6.5.6803.0 (127.0.0.1) ready"; break;
 case 119:  $response = "200 OK Microsoft Exchange Internet News Service Version 5.5.2448.8 (posting allowed)"; break;
 case 143:  $response = "* OK Microsoft Exchange IMAP4rev1 server version 5.5.2448.8 (127.0.0.1) ready"; break;
 case 443:  $response = "HTTP/1.1 200 OK"; break;
 case 465:  $response = "220 127.0.0.1 ESMTP SonicWALL (8.0.4.2611)"; break;
 case 631:  $response = 'HTTP/1.1 200 OK'; break;
 case 873:  $response = '@RSYNCD: 30.0'; break;
 case 783:  $response = 'SPAMD'; break;
 case 902:  $response = '220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , VMXARGS supported, NFCSSL supported'; break;
 case 993:  $response = "* OK Microsoft Exchange IMAP4rev1 server version 5.5.2448.8 (127.0.0.1) ready"; break;
 case 995:  $response = "+OK Microsoft Exchange POP3 server version 6.5.6803.0 (127.0.0.1) ready"; break;
 case 3306: $response = base64_decode('UgAAAA0KNS41LjQ5LWNsbC1sdmUABwEAAHEqe01QKXpNAP8FAgAPwBUAAAAAAAAAAAAAUTA8eW9C' . "\n" . 'OTdGOzQzAG15c3FsX25hdGl2ZV9wYXNzd29yZAANCg=='); break;
 case 3310: $response = 'PONG'; break;
 case 3389: $response = "\x03\x00\x00\x0b\x06\xd0"; break;
 case 5222: $response = '<?xml version=\'1.0\'?><stream:stream xmlns:stream=\'http://etherx.jabber.org/streams\' xml:lang=\'en\' from=\'\' xmlns:db=\'jabber:server:dialback\' to=\'\' xmlns=\'jabber:server\'><stream:error><connection-timeout xmlns=\'urn:ietf:params:xml:ns:xmpp-streams\'/></stream:error></stream:stream>'; break;
 case 5269: $response = '<?xml version=\'1.0\'?><stream:stream xmlns:stream=\'http://etherx.jabber.org/streams\' xml:lang=\'en\' from=\'\' xmlns:db=\'jabber:server:dialback\' to=\'\' xmlns=\'jabber:server\'><stream:error><connection-timeout xmlns=\'urn:ietf:params:xml:ns:xmpp-streams\'/></stream:error></stream:stream>'; break;
 case 5900: $response = 'RFB 003.008'; break;
 case 8009: $response = "\x41\x42\x00\x01\x09"; break;
}

/** terminate response */
$response .= "\r\n";

/** worker-loop */
while(true)
{
 /** reset */
 $msgsock = false;
 /** wait for client connection */
 while($msgsock === false)
 {
  usleep(100000);
  $msgsock = @socket_accept($sock);
 }
 /** send response to the client */
 @socket_write($msgsock, $response);
 /** log connection */
 if(@socket_getpeername($msgsock, $remote_ip) !== false)
 {
  $output = strftime("%Y-%m-%d %H:%M:%S") . "\t" . $remote_ip . "\t" . gethostbyaddr($remote_ip) . "\n";
  if(file_put_contents ('/var/log/honeypot.log', $output, FILE_APPEND | LOCK_EX) === false)
  {
   exit('failed write to /var/log/honeypot.log');
  }
  /** close client connection */
  @socket_close($msgsock);
 }
}

/**
 * signal handler
 *
 * @param  int $signo
 * @return void
 * @access public
*/
function hp_sig_handler(int $signo)
{
 global $sock;
 switch($signo)
 {
  case SIGUSR1: @socket_close($sock); break;
 }
}

Expected result:
----------------
socket server -> log into text file when connection to the socket 
(systemd-unit)

Actual result:
--------------
[root@srv-schnapsverein:/data/fileserver/software/dksoftware]$php honeypot1.php 
#PHP Fatal error:  Uncaught Error: Call to undefined function posix_initgroups() in /data/fileserver/software/dksoftware/honeypot1.php:54
Stack trace:
#0 {main}
  thrown in /data/fileserver/software/dksoftware/honeypot1.php on line 54

 [2021-01-11 18:04 UTC] rtrtrtrtrt at dfdfdfdf dot dfd
what about simply loading the posix extension in your config?
 [2021-01-11 18:04 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
 [2021-01-11 18:04 UTC] cmb@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.
 [2021-01-11 18:28 UTC] danack@php.net
Hi, 

The availability of that function depends on the detection of whether 'INITGROUPS' (whatever that is) is available for that system:

https://github.com/php/php-src/blob/65c789148b72e62d22fb23abaa1e0c97ba74c6da/ext/posix/posix.c#L1176

So this is probably a doc bug.

Also, please take the effort to make your reproduce cases short: http://sscce.org/

If you paste walls of text, it reduces the chances of people being able to see what the problem is.
 [2021-01-11 18:35 UTC] danack@php.net
btw, in case you're interested in investigating why that is unavailable on your system, that define is set up from here, I believe: https://github.com/php/php-src/blob/65c789148b72e62d22fb23abaa1e0c97ba74c6da/ext/posix/config.m4#L13
 [2021-01-11 18:39 UTC] cmb@php.net
-Summary: #PHP Fatal error: Uncaught Error: Call to undefined function posix_initgroups(
+Summary: posix_initgroups() is conditionally defined
-Status: Not a bug
+Status: Re-Opened
-Type: Bug
+Type: Documentation Problem
-Package: *General Issues
+Package: POSIX related
-Assigned To: cmb
+Assigned To:
 [2021-01-11 18:42 UTC] rtrtrtrtrt at dfdfdfdf dot dfd
seriously - why should it be unavailable suddenly on Fedora 33 after 15 years?

[root@rawhide ~]# php -r "echo (int)function_exists('posix_initgroups');"
1

[root@rawhide ~]# php -v
PHP 7.4.14 (cli) (built: Jan  5 2021 10:45:06) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

[root@rawhide ~]# rpm -q php-process
php-process-7.4.14-1.fc33.x86_64
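
Added example (not part of the report or of php-src): since posix_initgroups() may be absent from a given build, a daemon that binds a privileged port as root can check for it up front and fail closed instead of dying mid-drop or skipping the supplementary-group reset. The helper name drop_privileges() and the account name 'nobody' are assumptions made for illustration.

```php
<?php declare(strict_types=1);

// drop_privileges() is a hypothetical helper name, not a PHP built-in.
function drop_privileges(string $username): void
{
    // posix_initgroups() exists only if the build detected initgroups();
    // check first so a missing function cannot leave the process as root.
    $needed = ['posix_getpwnam', 'posix_initgroups', 'posix_setgid',
               'posix_setuid', 'posix_getgroups'];
    foreach ($needed as $fn) {
        if (!function_exists($fn)) {
            throw new RuntimeException("$fn() unavailable, refusing to run as root");
        }
    }

    // Resolve uid/gid by account name instead of hard-coding numeric ids.
    $pw = posix_getpwnam($username);
    if ($pw === false || $pw['uid'] === 0 || $pw['gid'] === 0) {
        throw new RuntimeException("no unprivileged account named '$username'");
    }
    [$uid, $gid] = [$pw['uid'], $pw['gid']];

    // Supplementary groups first, then gid, then uid: once setuid() has
    // succeeded the process may no longer change its groups.
    if (!posix_initgroups($username, $gid) || !posix_setgid($gid) || !posix_setuid($uid)) {
        throw new RuntimeException('drop failed: ' . posix_strerror(posix_get_last_error()));
    }

    // Verify real and effective ids, that group 0 is gone from the
    // supplementary list, and that root cannot be regained.
    $groups = posix_getgroups();
    if (posix_getuid() !== $uid || posix_geteuid() !== $uid
        || posix_getgid() !== $gid || posix_getegid() !== $gid
        || $groups === false || in_array(0, $groups, true)
        || posix_setuid(0)) {
        throw new RuntimeException('privilege drop could not be verified');
    }
}

// Constructed usage: call once, as root, after the listening socket is bound.
try {
    drop_privileges('nobody');
    echo 'running as uid ', posix_getuid(), "\n";
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

Started without root, the script exits with the "drop failed" message, because initgroups() requires privilege; that is the intended fail-closed outcome.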
 
Last updated: Fri May 14 07:01:24 2021 UTC