Bug 121454
Summary: | umask change via umask() function call persists after script is completed | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bret Hughes <bhughes> |
Component: | php | Assignee: | Joe Orton <jorton> |
Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 1 | CC: | bressers, jn |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 4.3.6-1.3 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-06-21 14:00:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bret Hughes
2004-04-21 18:16:17 UTC
You're using PHP as an in-process scripting language: if a script changes one of the properties of the httpd child process, such as the umask, then those properties are not reset after the script terminates. That is the nature of in-process scripting languages. If you want to use PHP as an out-of-process scripting language, you can do so by replacing the AddType in /etc/httpd/conf.d/php.conf with: Action php-script /cgi-bin/php AddHandler php-script .php and running, as root: # ln /usr/bin/php /var/www/cgi-bin/php OK, Thanks. If this is NOTABUG, what has changed since rhl 7.3? this behavior is not evident in php-4.1.2-7.3.6 and the php docs on umask() say: I see this behavior on a rh9 box too but not with RH built rpms. umask() sets PHP's umask to mask & 0777 and returns the old umask. When PHP is being used as a server module, the umask is restored when each request is finished. This is clearly not happening. I can't believe that his behavior is not a bug since you are shipping a product that allows a script to change the default expected environment fo scripts that follow. ESPECIALLY in the possible sensitive area of file permissions. Ah, my apologies, I didn't realise this was a regression. I should have mentioned it. I am going to ask the php general list about it as well. hmm I notice that my chkumask script did not make it to tbe post. Since I think it realy does make tracking this thing down easier here it is. ########## chkumask.sh #!/bin/sh if [ -n "$1" ] ; then echo "setting hostname to input host $1" myhost=$1 else myhost=$HOSTNAME fi echo "using $myhost as wget host" while [ 1 ]; do echo -n `date +'%D'` " host: $myhost " wget -q -O - "http://$myhost/umask.php" sleep 1 done ############ end of of chkumask.sh It's a bug in the Apache 2.0 support in PHP: I've got a patch which I'll integrate and submit upstream. Fix integrated for the php-4.3.6-1.1 update. Fix included in FEDORA-2004-118 update, thanks for the report. http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00025.html |