Bug 162332 - is_writable() and is_readable() return false when access is permitted via ACL
is_writable() and is_readable() return false when access is permitted via ACL
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: php (Show other bugs)
4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
David Lawrence
http://bugs.php.net/bug.php?id=30931
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-02 17:20 EDT by Pete Chown
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: fc6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-20 11:07:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch for this issue from bugs.php.net (1.84 KB, patch)
2005-07-02 17:22 EDT, Pete Chown
no flags Details | Diff

  None (edit)
Description Pete Chown 2005-07-02 17:20:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
PHP 5 attempts to work out whether a user has access to a file using the stat structure.  Of course this fails with ACLs, SELinux, and so on.  This has been reported at http://bugs.php.net/bug.php?id=30931 and a patch exists, which I will attach.

I can confirm that the patch works on FC4.  I think the PHP people may be concerned that it will break on other architectures; the author says that he thinks some more ifdefs may be required.  At any rate, there has been no feedback about getting the patch incorporated into the next general PHP release.

What I am wondering is whether Fedora would be prepared to include the patch in the next update of PHP, until this issue is fixed upstream.  This issue is more of a nuisance than it may first appear; for example it means that access to Smarty's cache directory cannot be granted using an ACL, and so on.

Version-Release number of selected component (if applicable):
php-5.0.4-10.i386.rpm

How reproducible:
Always

Steps to Reproduce:
1.  Install Apache and PHP from FC4.

2.  Create a website using Smarty.  Grant access to the compiled templates (templates_c) directory using an ACL.  For example "setfacl -m g:apache:rwx templates_c".

3.  Ensure that Apache does not have access to this directory for any other reason, for example it must not be mode 777.


Actual Results:  Smarty will refuse to load templates, believing that the templates_c directory is not writable.

Expected Results:  Smarty should have loaded the templates and written them to the directory, which is in fact writable.

Additional info:
Comment 1 Pete Chown 2005-07-02 17:22:17 EDT
Created attachment 116296 [details]
Patch for this issue from bugs.php.net
Comment 2 Joe Orton 2005-07-05 11:35:09 EDT
Thanks for the report, this looks reasonable (and sorry, this just missed the
5.0.4-10.3 update which just released today).
Comment 3 Pete Chown 2005-07-05 11:49:53 EDT
Thank you for offering to carry the patch (and don't worry about today's update,
I've built PHP once with this patch included, so it's not too hard to do it again).
Comment 4 Pete Chown 2005-08-29 16:11:23 EDT
Just wanted to point out that this patch was missing from the latest PHP update
(php-5.0.4-10.4).  Don't worry about it, these things happen -- but it would be
very helpful if it could be bundled with a future release.
Comment 5 Joe Orton 2005-08-30 05:56:26 EDT
Actually I looked at this more carefully and would rather submit this for review
upstream first.
Comment 6 Christian Iseli 2007-01-19 19:41:14 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 7 Pete Chown 2007-01-20 11:07:35 EST
Looks like it's fixed so I'll close the bug.

Note You need to log in before you can comment on or make changes to this bug.