[users@httpd] Problems with HPHP on AIX and Solaris, Apache 2.0.54

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All,

I sent this question to the PHP general list on 26/4/05 however there's been 
no answer, so now I'll try the apache list...

I have interesting problems with PHP/Hardened PHP 4.3.11 on Apache 2.0.54 on 
AIX 5.1 and 5.2, and on Solaris 9.

I have a directory permissions scheme which has the absolute minimum of rights 
for the web server to work, that is a directory gets the permissions 
drwx--s--x (711) with the suid bit set.  This is done because many users have 
ftp access to the system and for some directories in the system it should not 
be possible for those users to do a directory listing.  Changing the 
permissions to include read permission is one solution that works, but in 
this environment it is unacceptable for us.  It's also unacceptable because 
this was working with previous versions of HPHP.

My first problem is the behaviour of Hardened PHP in PHP 4.3.10 and 4.3.11 on 
AIX.  This was built using gcc 3.3.3 from the AIX toolbox.  Everything was 
fine with Hardened PHP 4.3.9.  For what ever reason, with the above directory 
permissions, HPHP is not able to read files within that directory structure 
if they are included relative to the working directory of a script running 
within a subdirectory (see the example scripts and associated directory 
structure I have given later on).  If I run this on Linux with HPHP, it works 
fine, as does the normal PHP on AIX.  Strangely enough, if I use the absolute 
path to the included file, the file is included without problems.

My second problem is HPHP on Solaris 9 on a Blade 1500 - it just doesn't work 
with the apache process seg faulting apparently during the initialisation 
stage.  If I use the normal PHP everything runs fine.  These were built using 
gcc 3.3.2 from sunfreeware.com.  I have tried running it in gdb, but gdb 
itself seg faults.  So then (genius here) I ran apache inside gdb inside gdb 
which caught gdb's own seg fault and indicated a problem with libc.so.1.  
Applying the latest Solaris 9 patch cluster from Sun and rebuilding apache 
and HPHP did not change anything.  At the moment I'm one step away from 
opening a bug report at Sun.

I would like to know if any one else with similar systems has similar problems 
and maybe a solution.  I would bother Steffan Esser, the creator of HPHP, 
with this problem but I've bothered him enough already and really need to 
know if I'm the only one with such problems.  I also don't want to open a bug 
report at Sun if the problem is somewhere else.

If anyone has any questions about this problem, please ask.  I will be most 
grateful for any help anyone can give me.

Markus


A test directory structure to recreate this is as follows:
htdocs/test:
drws--S--x   3 user     users        512 Dec 28 17:37 .
drwxr-xr-x  14 user     users       1536 Apr 20 12:27 ..
drwxr-xr-x   2 user     users        512 Dec 28 17:39 subdir
-rw-r--r--   1 user     users         48 Dec 28 17:37 includeme.inc

htdocs/test/subdir:
drwxr-xr-x   2 user     users        512 Dec 28 17:39 .
drws--S--x   3 user     users        512 Dec 28 17:37 ..
-rw-r--r--   1 user     users        511 Apr 20 11:37 scripttest.php

the file htdocs/test/includeme.inc contains the script
<?php

echo "I am the included file!<br>";

?>

the file htdocs/test/subdir/scripttest.php contains the script
<?php

echo "I will now try to include the file ../includeme.inc.<br><br>";

include '../includeme.inc';

echo "<br>Done...<br><br>";

$included_files = get_included_files();

echo "These are the included files as returned by get_included_files():<br>";

foreach ($included_files as $included_file)
{
        echo " $included_file<br>";
}

echo "<br>";

echo "Now I will try to get my current working directory using getcwd()<br>";

$cwd = getcwd();

echo "getcwd() returned $cwd <br>";

echo "<br>Test end.<br>";

?>



Solaris Hardened PHP seg faults.
Solaris – PHP 4.3.11 standard and AIX PHP 4.3.11 standard output the 
following:

I will now try to include the file ../includeme.inc.

I am the included file!
 
Done...

These are the included files as returned by get_included_files():
 /usr/local/htdocs/test/subdir/scripttest.php
 ../includeme.inc

Now I will try to get my current working directory using getcwd()
getcwd() returned 

Test end.



AIX PHP 4.3.11 with Hardened PHP Patches 0.2.7 for PHP 4.3.11 outputs the 
following:

I will now try to include the file ../includeme.inc.


 Warning: main(../includeme.inc): failed to open stream: Permission denied 
in /usr/local/htdocs/test/subdir/scripttest.php on line 5
 
 Warning: main(): Failed opening '../includeme.inc' for inclusion 
(include_path='.:/usr/local/lib/php') 
in /usr/local/htdocs/test/subdir/scripttest.php on line 5
 
Done...

These are the included files as returned by get_included_files():
 /usr/local/htdocs/test/subdir/scripttest.php

Now I will try to get my current working directory using getcwd()
getcwd() returned 

Test end.



Linux: The output of the scripts on both standard PHP 4.3.11 and PHP 4.3.11 
with Hardened PHP patches version 0.2.7 for PHP 4.3.11 is the same:

I will now try to include the file ../includeme.inc.

I am the included file!
 
Done...

These are the included files as returned by get_included_files():
 /usr/local/htdocs/test/subdir/scripttest.php
 /usr/local/htdocs/test/includeme.inc

Now I will try to get my current working directory using getcwd()
getcwd() returned /usr/local/htdocs/test/subdir

Test end.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux