Edit report at https://bugs.php.net/bug.php?id=48880&edit=1
ID: 48880 Comment by: spam2 at rhsoft dot net Reported by: brwarner at rogers dot com Summary: Random Appearing open_basedir problem Status: Closed Type: Bug Package: Safe Mode/open_basedir Operating System: * PHP Version: 5.3SVN-2009-07-27 (snap) Block user comment: N Private report: N New Comment: https://github.com/zend-dev/ZendOptimizerPlus/issues/94 "opcache.use_cwd = 0" reintroduces https://bugs.php.net/bug.php?id=48880 Previous Comments: ------------------------------------------------------------------------ [2013-05-11 15:19:30] spam2 at rhsoft dot net easy to reproduce: * ab -c 30 -n 50000 http://first-host/ * hit reload with disabled cache in your browser on the second vhost ------------------------------------------------------------------------ [2013-05-11 15:14:18] spam2 at rhsoft dot net i see this randomly with Apache 2.4.4 and PHP 5.4.14/5.4.15 on Fedora x86_64 and it seems for me that this problem came back a short time ago because it is very new for me and i have this only seen with a PHP6-snapshot years ago until now ------------------------------------------------------------------------ [2009-07-31 21:10:11] ras...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2009-07-31 21:09:46] s...@php.net Automatic comment from SVN on behalf of rasmus Revision: http://svn.php.net/viewvc/?view=revision&revision=286602 Log: Fix bug #48880 The ini entry was being corrupted because it wasn't being set on the ACTIVATE and DEACTIVATE stages. ------------------------------------------------------------------------ [2009-07-31 03:34:00] starcraftmazter at gmail dot com I think this bug is closely related to 48744 http://bugs.php.net/bug.php?id=48744 To say what I said in the other bug report, I can confirm that I have a very similar issue. I have been running PHP with open_basedir for quite some time. I upgraded to php 5.3.0 recently, previously having ran php 5.2.5. Immediately after installing the newly compiled version, the issues began. The problem as I experience it, is that the "open_basedir" setting seems to be composed of random, non latin1 characters (displayed as symbols by the browser). I cannot draw any reasons as to which users are affected by this or why, but it does not happen to everyone - it is seemingly random. I am using CentOS 5.3 with the latest cPanel 11 on CURRENT which manages the open_basedir. I am using Apache 2.2.6. My compile string is as follows; './configure' '--prefix=/usr/local' '--with-apxs2=/usr/local/apache/bin/apxs' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--enable-ftp' '--enable-gd-native-ttf' '--enable-libxml' '--enable-mbstring' '--enable-soap' '--enable-sockets' '--enable-zip' '--with-bz2' '--with-curl=/opt/curlssl/' '--with-curlwrappers' '--with-freetype-dir=/usr' '--with-gd' '--with-gettext' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libdir=lib64' '--with-libxml-dir=/opt/xml2' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mhash=/opt/mhash/' '--with-openssl-dir=/usr' '--with-pic' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-xsl=/opt/xslt/' '--with-zlib' '--with-zlib-dir=/usr' '--with-openssl=/usr' '--with-mysql' '--with-mysqli' '--with-pgsql' '--with-sqlite=shared' '--enable-pdo=shared' '--with-pdo-sqlite=shared' '--with-pdo-mysql=shared' '--with-pdo-pgsql=shared' '--with-magickwand=/usr/local/bin' You can check other relevant settings here: http://liway.com/test.php For reference, here is the screenshot of the exact error message which one of the accounts is getting, which shows the open_basedir setting being composed of weird characters. http://img75.imageshack.us/img75/6261/screenshot1a.png The situation involves phpbb3 trying to include parts of itself, so I am confident that it should be allowed, as it's in the same directory or close directories within a single account home folder. The second screenshot is of the relevant open_basedir setting in the httpd.conf file. I have checked the settings against those in the virtual hosts of other accounts where open_basedir works without errors, and I can confirm that they are absolutely identical (apart from the actual home directory). http://img75.imageshack.us/img75/626/screenshot2w.png Needless to say, this is a very serious issue, as open_basedir is an extremely important security measure for those of us who don't run suPHP, and now it is impossible to use it because of these problems. I'm available daily for testing, hope this bug report will get some new attention for developers. Cheers ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=48880 -- Edit this bug report at https://bugs.php.net/bug.php?id=48880&edit=1
