Bug 121454

Summary: umask change via umask() function call persists after script is completed
Product: [Fedora] Fedora Reporter: Bret Hughes <bhughes>
Component: phpAssignee: Joe Orton <jorton>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 1CC: bressers, jn
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: 4.3.6-1.3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-06-21 14:00:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bret Hughes 2004-04-21 18:16:17 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.8 (X11; Linux i686; U;) Gecko/20030212

Description of problem:
When I call umask(0002) from a php script the umask stays set for all
subsequent calls to the server that hit that httpd process.

Version-Release number of selected component (if applicable):
php-4.3.4-1.1

How reproducible:
Always

Steps to Reproduce:
1.install umask.php in a directory accessible by the web server 

####### umask.php

<?php
if ( isset( $_GET['newmask']) ) {
    print "newmask is set to $_GET[newmask] calling umask()<br>\n";
    print umask($_GET['newmask']) ."<br>\n";
}
else {
    print "umask is ". umask() . "<br>\n";
}
?>
################# end of umask.php

2. copy chkmask.sh somwhere on the server

3. run chkumask.sh [hostnameofserver]
this will start looping and making calls to the umask.php script on
the server  defaults to value of $HOSTNAME

4. with a broser or whatever go to
http://servername/locationofumask.php?newmask=0002

5 observe output of chkumask.sh depending on the number of threads
started by httpd the umask changes from 18(octal 22, the default) to 2
for that thread.

refresh the browser several times to have more threads get changed.

Actual Results:  output of chkumask.sh:

using 10.23.0.137 as wget host
04/21/04  host: 10.23.0.137  umask is 2<br>
04/21/04  host: 10.23.0.137  umask is 18<br>
04/21/04  host: 10.23.0.137  umask is 2<br>
04/21/04  host: 10.23.0.137  umask is 2<br>
04/21/04  host: 10.23.0.137  umask is 18<br>
04/21/04  host: 10.23.0.137  umask is 18<br>
04/21/04  host: 10.23.0.137  umask is 18<br>
04/21/04  host: 10.23.0.137  umask is 2<br>
04/21/04  host: 10.23.0.137  umask is 2<br>
04/21/04  host: 10.23.0.137  umask is 18<br>
04/21/04  host: 10.23.0.137  umask is 2<br>



Expected Results:  that the umask remain 18 for all threads as it is
after serverice httpd restart

Additional info:

reducing the number of threads started by httpd to one will make this
redily apparent:

I started httpd with this:

<IfModule prefork.c>
StartServers       1
MinSpareServers    1
MaxSpareServers    1
MaxClients         1
MaxRequestsPerChild  1000
</IfModule>

#<IfModule prefork.c>
#StartServers       8
#MinSpareServers    5
#MaxSpareServers   20
#MaxClients       150
#MaxRequestsPerChild  1000
#</IfModule>



restarted and indeed only had one child processas expected.

[root@compaq2 conf]# ps axf|grep [h]ttpd
12144 ?        S      0:01 /usr/sbin/httpd
12147 ?        S      0:01  \_ /usr/sbin/httpd


I got all 18s and then ran the script that does the umask and this is
what happened:


Wed Apr 21 10:29:47 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:48 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:49 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:50 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:51 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:52 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:53 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:54 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:55 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:56 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:57 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:58 CDT 2004    umask is 18<br>
Wed Apr 21 10:29:59 CDT 2004    umask is 18<br>
Wed Apr 21 10:30:01 CDT 2004    umask is 18<br>
Wed Apr 21 10:30:02 CDT 2004    umask is 18<br>
Wed Apr 21 10:30:03 CDT 2004    umask is 18<br> #instant change
Wed Apr 21 10:30:04 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:05 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:06 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:07 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:08 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:09 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:10 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:12 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:13 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:14 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:15 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:16 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:17 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:18 CDT 2004    umask is 2<br>
Wed Apr 21 10:30:19 CDT 2004    umask is 2<br>
Comment 1 Joe Orton 2004-04-21 20:37:55 UTC 
You're using PHP as an in-process scripting language: if a script
changes one of the properties of the httpd child process, such as the
umask, then those properties are not reset after the script
terminates.  That is the nature of in-process scripting languages.

If you want to use PHP as an out-of-process scripting language, you
can do so by replacing the AddType in /etc/httpd/conf.d/php.conf with:

Action php-script /cgi-bin/php
AddHandler php-script .php

and running, as root:

# ln /usr/bin/php /var/www/cgi-bin/php
Comment 2 Bret Hughes 2004-04-21 21:47:52 UTC 
OK, Thanks.  If this is NOTABUG, what has changed since rhl 7.3?  this
behavior is not evident in php-4.1.2-7.3.6 and the php docs on umask()
say:

I see this behavior on a rh9 box too but not with RH built rpms.

 umask() sets PHP's umask to mask & 0777 and returns the old umask.
When PHP is being used as a server module, the umask is restored when
each request is finished.

This is clearly not happening.  

I can't believe that his behavior is not a bug since you are shipping
a product that allows a script to change the default expected
environment fo scripts that follow.  ESPECIALLY in the possible
sensitive area of file permissions.
Comment 3 Joe Orton 2004-04-21 22:10:23 UTC 
Ah, my apologies, I didn't realise this was a regression.
Comment 4 Bret Hughes 2004-04-22 02:10:53 UTC 
I should have mentioned it.  I am going to ask the php general list
about it as well.
Comment 5 Bret Hughes 2004-04-22 02:16:51 UTC 
hmm I notice that my chkumask script did not make it to tbe post. 
Since I think it realy does make tracking this thing down easier here
it is.

########## chkumask.sh  

#!/bin/sh

if [ -n "$1" ] ; then
    echo "setting hostname to input host $1"
    myhost=$1
else
    myhost=$HOSTNAME
fi
echo "using $myhost as wget host"

while [ 1 ]; do
    
    echo -n `date +'%D'` " host: $myhost  "
    
    wget -q -O - "http://$myhost/umask.php"
    sleep 1
done

############ end of of chkumask.sh
Comment 6 Joe Orton 2004-04-22 05:53:13 UTC 
It's a bug in the Apache 2.0 support in PHP: I've got a patch which
I'll integrate and submit upstream.
Comment 7 Joe Orton 2004-05-12 14:36:38 UTC 
Fix integrated for the php-4.3.6-1.1 update.
Comment 9 Joe Orton 2004-06-21 14:00:44 UTC 
Fix included in FEDORA-2004-118 update, thanks for the report.

http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00025.html