Skip to content

Resolve open_basedir paths on ini update #10987

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Resolve open_basedir paths on ini update #10987

wants to merge 1 commit into from
+82 −45

Conversation

iluuu1994
Copy link
Member

The whole ini handling is quite messy... Not sure if there's a way to improve it.

@iluuu1994 iluuu1994 force-pushed the open_basedir-absolute-path branch 2 times, most recently from a7ac8a1 to d1cc4b5 Compare April 2, 2023 17:26
Girgias
Girgias reviewed Apr 3, 2023
View reviewed changes
main/fopen_wrappers.c
*p = ZSTR_VAL(new_value);
return SUCCESS;
}

/* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not pointing to this comment.

But the comment above: PHPAPI ZEND_INI_MH(OnUpdateBaseDir) says:

Allows any change to open_basedir setting in during Startup and Shutdown events,
or a tightening during activation/runtime/deactivation

However, we are updating the INI setting without any checks in:

if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE)

So this is confusing, wondering what the actual php.net docs say as they may also be misleading.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's more just a shortcut in the code as it is clear this will fail the check so we don't bother to do the actual check. Pretty much what it says so not sure what's confusing about this?

@iluuu1994 iluuu1994 force-pushed the open_basedir-absolute-path branch from d1cc4b5 to f2e095d Compare April 6, 2023 15:41
iluuu1994 added a commit to iluuu1994/php-src that referenced this pull request Apr 11, 2023
@iluuu1994
Resolve open_basedir paths on ini update

Verified

This commit was signed with the committer’s verified signature.
iluuu1994 Ilija Tovilo
GPG key ID: A4F5D403F118200A
Verified
Learn about vigilant mode
0becb9f 
Closes phpGH-10987
@iluuu1994 iluuu1994 force-pushed the open_basedir-absolute-path branch from f2e095d to 0becb9f Compare April 11, 2023 17:00
@iluuu1994
Copy link
Member Author

@bukka Could you have another look?

@iluuu1994
Copy link
Member Author

@bukka If we still want to adjust this behavior we should do very soon 🙂 Do you prefer this approach over what is in master?

bukka
bukka reviewed Jul 7, 2023
View reviewed changes
Copy link
Member

@bukka bukka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iluuu1994 I just went through and re-read our previous comms and it looks good to me.

main/php.h Outdated
@@ -295,7 +295,7 @@ ssize_t pread(int, void *, size_t, off64_t);
#endif

BEGIN_EXTERN_C()
void phperror(char *error);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this related?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it was, must've sneaked in. I'll revert.

main/fopen_wrappers.c
*p = ZSTR_VAL(new_value);
return SUCCESS;
}

/* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's more just a shortcut in the code as it is clear this will fail the check so we don't bother to do the actual check. Pretty much what it says so not sure what's confusing about this?

@iluuu1994
Copy link
Member Author

@bukka Great, thanks for the review! I'll merge this soon then.

iluuu1994 added a commit to iluuu1994/php-src that referenced this pull request Jul 14, 2023
@iluuu1994
Resolve open_basedir paths on ini update

Verified

This commit was signed with the committer’s verified signature.
iluuu1994 Ilija Tovilo
GPG key ID: A4F5D403F118200A
Verified
Learn about vigilant mode
82e5ca6 
Closes phpGH-10987
@iluuu1994 iluuu1994 force-pushed the open_basedir-absolute-path branch from 0becb9f to 82e5ca6 Compare July 14, 2023 09:16
@iluuu1994
Resolve open_basedir paths on ini update

Verified

This commit was signed with the committer’s verified signature.
iluuu1994 Ilija Tovilo
GPG key ID: A4F5D403F118200A
Verified
Learn about vigilant mode
804aa29 
Closes phpGH-10987
@iluuu1994 iluuu1994 force-pushed the open_basedir-absolute-path branch from 82e5ca6 to 804aa29 Compare July 18, 2023 10:50
@iluuu1994 iluuu1994 closed this in 9bcdf21 Jul 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bukka bukka

@Girgias Girgias

@kocsismate kocsismate

@dstogov dstogov

Assignees
No one assigned
Labels
Category: Engine Extension: session Extension: zend_test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@iluuu1994 @bukka @Girgias