FAQ
Hi everyone, I just subscribed to this list in hopes of working out some
PHP bugs that have to do with Solaris.

I've been trying to find out some reason why the getcwd() PHP function
fails under some situations under Solaris. Particularly, when some
component of the file path looks like: d--x--x--x (no read perms). This
appears to be a security feature that Solaris implements that is not
there in Linux. Here is what I found out:

If you are not root AND you want to get your current working directory
that has parents with without 'r' permissions, you must do one of
two things:

a) Execute a getcwd() program that is suid-root.

OR: And this is the strange one...

b) Tell Solaris that you already know where you are!!

You can accomplish (b) by doing a 'cd /mydir/mysubdir/' where mydir has
the permissions (d--x--x--x). Without changing directories with a
fully-qualified path, getcwd() will return NULL.

Here are my questions for the list:

1) Is there any way for a running non-root instance of PHP under
Apache or another web server to "know where it is" in the directory tree
already, in hopes of implementing (b) above?

2) I'm assuming that the current functionality of PHP include()
requires stdio's getcwd() in order to function with relative paths. Is
this really the case?

3) If #1 is possible and #2 is the case, would it be reasonable to
implement a fix for this with doing a chdir(), followed by a getcwd() if
your architecture is Solaris?

I could try and attempt a fix, but my knowledge of the PHP source is
sorely lacking at this time. I'm working on bettering it!

Thanks!
-Rob

Search Discussions

  • Rob Thompson at Oct 2, 2007 at 12:21 am
    BTW: Here is the bug that I am referring to:

    http://bugs.php.net/bug.php?id=41822

    & correction: getcwd() is not an stdio function ;)

    Rob Thompson wrote:
    Hi everyone, I just subscribed to this list in hopes of working out some
    PHP bugs that have to do with Solaris.

    I've been trying to find out some reason why the getcwd() PHP function
    fails under some situations under Solaris. Particularly, when some
    component of the file path looks like: d--x--x--x (no read perms). This
    appears to be a security feature that Solaris implements that is not
    there in Linux. Here is what I found out:

    If you are not root AND you want to get your current working directory
    that has parents with without 'r' permissions, you must do one of
    two things:

    a) Execute a getcwd() program that is suid-root.

    OR: And this is the strange one...

    b) Tell Solaris that you already know where you are!!

    You can accomplish (b) by doing a 'cd /mydir/mysubdir/' where mydir has
    the permissions (d--x--x--x). Without changing directories with a
    fully-qualified path, getcwd() will return NULL.

    Here are my questions for the list:

    1) Is there any way for a running non-root instance of PHP under
    Apache or another web server to "know where it is" in the directory tree
    already, in hopes of implementing (b) above?

    2) I'm assuming that the current functionality of PHP include()
    requires stdio's getcwd() in order to function with relative paths. Is
    this really the case?

    3) If #1 is possible and #2 is the case, would it be reasonable to
    implement a fix for this with doing a chdir(), followed by a getcwd() if
    your architecture is Solaris?

    I could try and attempt a fix, but my knowledge of the PHP source is
    sorely lacking at this time. I'm working on bettering it!

    Thanks!
    -Rob
  • Antony Dovgal at Oct 2, 2007 at 7:52 am

    On 02.10.2007 04:11, Rob Thompson wrote:
    I've been trying to find out some reason why the getcwd() PHP function
    fails under some situations under Solaris. Particularly, when some
    component of the file path looks like: d--x--x--x (no read perms). This
    appears to be a security feature that Solaris implements that is not
    there in Linux.
    I would not call it a security feature.
    a) Execute a getcwd() program that is suid-root.
    UNpossible.
    b) Tell Solaris that you already know where you are!!
    That's exactly what we're trying to figure out, isn't it?
    1) Is there any way for a running non-root instance of PHP under
    Apache or another web server to "know where it is" in the directory tree
    already, in hopes of implementing (b) above?
    To "know where it is" it has to call getcwd(), which doesn't work on Solaris,
    or do you know any other ways to get current working dir?
    2) I'm assuming that the current functionality of PHP include()
    requires stdio's getcwd() in order to function with relative paths. Is
    this really the case? Sure.
    3) If #1 is possible and #2 is the case, would it be reasonable to
    implement a fix for this with doing a chdir(), followed by a getcwd() if
    your architecture is Solaris?
    chdir() to where?
    We need to call getcwd() to know where we are to do chdir(there).

    --
    Wbr,
    Antony Dovgal
  • Rob Thompson at Oct 2, 2007 at 5:27 pm
    Right. This does appear to be a "chicken or the egg" issue. Also,
    turns out (b) below is only the shell caching your last successful cd
    and spitting it back, not the result of a successful getcwd() call. So
    really, with Solaris, there is not even any chicken ;)

    Would it be reasonable to catch for a NULL getcwd() and simply return
    "." (you are where you are, wherever that is)?

    I think that this would be universally acceptable and it would at least
    allow relative paths in include()'s. Not quite sure of the security
    issues here.

    Relative references and directory navigation still work in Solaris, even
    with the getcwd() bug/issue:

    [1310][root@opteron:/]$ find ./test -ls
    449400 1 d--x--x--x 4 root root 512 Oct 2 13:07 ./test
    449401 1 d--x--x--x 2 root root 512 Oct 2 13:07
    ./test/testa
    449403 1 d--x--x--x 2 root root 512 Oct 2 13:08
    ./test/testb
    449405 1 -r--r--r-- 1 root root 5 Oct 2 13:08
    ./test/testb/testfile
    [1311][root@opteron:/]$ su nobody
    $ cd /test/testa
    $ cat ../testb/testfile
    test
    $

    Antony Dovgal wrote:
    On 02.10.2007 04:11, Rob Thompson wrote:
    I've been trying to find out some reason why the getcwd() PHP function
    fails under some situations under Solaris. Particularly, when some
    component of the file path looks like: d--x--x--x (no read perms). This
    appears to be a security feature that Solaris implements that is not
    there in Linux.
    I would not call it a security feature.
    a) Execute a getcwd() program that is suid-root.
    UNpossible.
    b) Tell Solaris that you already know where you are!!
    That's exactly what we're trying to figure out, isn't it?
    1) Is there any way for a running non-root instance of PHP under
    Apache or another web server to "know where it is" in the directory tree
    already, in hopes of implementing (b) above?
    To "know where it is" it has to call getcwd(), which doesn't work on Solaris,
    or do you know any other ways to get current working dir?
    2) I'm assuming that the current functionality of PHP include()
    requires stdio's getcwd() in order to function with relative paths. Is
    this really the case? Sure.
    3) If #1 is possible and #2 is the case, would it be reasonable to
    implement a fix for this with doing a chdir(), followed by a getcwd() if
    your architecture is Solaris?
    chdir() to where?
    We need to call getcwd() to know where we are to do chdir(there).

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-internals @
categoriesphp
postedOct 2, '07 at 12:11a
activeOct 2, '07 at 5:27p
posts4
users2
websitephp.net

2 users in discussion

Rob Thompson: 3 posts Antony Dovgal: 1 post

People

Translate

site design / logo © 2022 Grokbase