Bug 112387 - mod_php-4.4.0-r9 logs error messages where no errors occur (safe mode restriction, open_base dir)
Status: RESOLVED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
: High normal
Assignee: PHP Bugs

Reported: 2005-11-13 02:12 UTC by Marcel Meckel
Modified: 2006-01-20 01:24 UTC

Description Marcel Meckel 2005-11-13 02:12:11 UTC
After upgrading mod_php to 4.4.0-r9 I discovered a strange behaviour regarding 
error logging.

Example

/etc/php/apache2-php4/php.ini:
safe_mode = On
open_basedir = /var/www/_openbasedir

<VirtualHost a.b.c.d:80>
        DocumentRoot /var/www/wwwadm01/html/domain.tld
        php_admin_value open_basedir            /var/www/wwwadm01/html/domain.tld/:/var/www/wwwadm01/tmp/
        php_admin_value safe_mode               0
        [..]
</VirtualHost>

/var/www/wwwadm01/html/domain.tld/test.php is a php script owned _not_ by root 
but by uid 5001. /var/www/wwwadm01/tmp/ is owned by uid 5001, too.

The test.php script tries to open a file in /var/www/wwwadm01/tmp/.

The script is working as it is supposed to, but it generates nonsense error 
messages like these:

(Taken from php error_log)
PHP Warning:  Unknown(): open_basedir restriction in effect. File(/var/www/wwwadm01/tmp) is not within the allowed path(s): (/var/www/_openbasedir) in Unknown on line 0
PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid is 0 is not allowed to access /var/www/wwwadm01/tmp owned by uid 5001 in Unknown on line 0, referer: http://foo.bar/...

The first log entry is nonsense, since the script is working and even a phpinfo 
file in this place confirms that /var/www/wwwadm01/tmp is in the local open_basedir 
and /var/www/_openbasedir is the global open_basedir setting.

The second error message is nonsense too, since safe_mode is turned off in 
<VirtualHost>, which is confirmed in phpinfo too: the local safe_mode value is 
off, only the global safe_mode value is on. Second, the php script is __not__ 
owned by uid 0 but by uid 5001, the same person who owns the /var/www/wwwadm01/tmp 
directory.

I repeat, the scripts are all working as they are supposed to, but the error_log is 
filled with tons of nonsense error messages.

Reproducible: Always
# emerge info ; emerge -pv apache mod_php
Portage 2.0.51.22-r3 (default-linux/x86/2005.1, gcc-3.3.6, glibc-2.3.5-r2, 2.6.11-hardened-r15 i686)
=================================================================
System uname: 2.6.11-hardened-r15 i686 Intel(R) Celeron(R) CPU 2.40GHz
Gentoo Base System version 1.6.13
ccache version 2.3 [disabled]
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="x86 alsa apache2 arts avi bash-completion berkdb bitmap-fonts bzip2 crypt 
curl devfs26 eds emboss encode expat foomaticdb gd gdbm gif gstreamer hardened 
hardenedphp idn imagemagick imap imlib jpeg junit kde libg++ mbox memlimit mhash 
mmx mmx2 motif mp3 mpm-prefork ncurses nls noantlr nobcel nobeanutils nobsh 
nocommonslogging nocommonsnet nojdepend nojsch nojython nolog4j nooro nopop3d 
noregexp norhino noxerces ogg oggvorbis opengl oss pam pcre perl php png posix 
quicktime rtc sasl sdl sse sse2 ssl tcpd tiff truetype truetype-fonts type1 
type1-fonts udev vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY


These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] net-www/apache-2.0.54-r31  +apache2 -debug -doc -ldap -mpm-leader -mpm-peruser +mpm-prefork -mpm-threadpool -mpm-worker -no-suexec (-selinux) +ssl -static-modules -threads 0 kB
[ebuild   R   ] dev-php/mod_php-4.4.0-r9  -X +apache2 +berkdb +crypt +curl -debug -doc -fdftk -firebird -flash -freetds +gd -gd-external +gdbm -gmp +hardenedphp +imap -informix -ipv6 -java +jpeg -kerberos -ldap -mcal +memlimit -mssql +mysql +nls -oci8 -odbc +pam +png -postgres -snmp -spell +ssl +tiff +truetype +xml2 -yaz 0 kB

Total size of downloads: 0 kB
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-11-13 02:55:50 UTC
1/ /var/www/wwwadm01/tmp is *not* within var/www/wwwadm01/html/domain, to which
open_basedir is set for that vhost

2/ open_basedir is *not* affected by whether safe mode is on or off - as noted
in php.ini

INVALID bug, please read the php documentation.
Comment 2 Marcel Meckel 2005-11-13 05:43:24 UTC
(In reply to comment #1)
> 1/ /var/www/wwwadm01/tmp is *not* within var/www/wwwadm01/html/domain,
> to which open_basedir is set for that vhost

Please reread my posting - it says:
open_basedir /var/www/wwwadm01/html/domain.tld/:/var/www/wwwadm01/tmp/
                                                ^^^^^^^^^^^^^^^^^^^^^^

> 2/ open_basedir is *not* affected by whether safe mode is on or off - as noted
> in php.ini

I didn't say this. The open_basedir and safe_mode problem reported by me have 
nothing to do with each other, only it happens to be written to the error log 
when no error occurs.

> INVALID bug, please read the php documentation.

Please, reread my posting and reopen this bug. You did not understand this 
problem reported by me.
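
The comparison argued in this comment, as an added example that is not part of the original thread: a log triage helper that checks each warning against the vhost's own `php_admin_value` settings and flags the ones that were evaluated against something else. The `within()` rule is a simplified model of open_basedir prefix matching (an assumption, not PHP's implementation), and the third log line is constructed.

```python
import re

# Values copied from the report: the vhost's php_admin_value settings.
VHOST = {"open_basedir": "/var/www/wwwadm01/html/domain.tld/:/var/www/wwwadm01/tmp/",
         "safe_mode": False}

# The two warnings quoted in the report (unwrapped), plus one constructed
# denial that the vhost settings do explain.
SAMPLE_LOG = [
    "PHP Warning:  Unknown(): open_basedir restriction in effect. File(/var/www/wwwadm01/tmp) is not within the allowed path(s): (/var/www/_openbasedir) in Unknown on line 0",
    "PHP Warning:  Unknown(): SAFE MODE Restriction in effect.  The script whose uid is 0 is not allowed to access /var/www/wwwadm01/tmp owned by uid 5001 in Unknown on line 0",
    "PHP Warning:  fopen(): open_basedir restriction in effect. File(/var/www/other/data.txt) is not within the allowed path(s): (/var/www/wwwadm01/html/domain.tld/:/var/www/wwwadm01/tmp/) in /var/www/wwwadm01/html/domain.tld/test.php on line 3",
]

OBD = re.compile(r"open_basedir restriction in effect\. File\((?P<path>[^)]*)\) "
                 r"is not within the allowed path\(s\): \((?P<allowed>[^)]*)\)")
SAFE = re.compile(r"SAFE MODE Restriction in effect\.\s+The script whose uid is "
                  r"(?P<uid>\d+) is not allowed to access (?P<path>\S+) "
                  r"owned by uid (?P<owner>\d+)")

def within(path, basedir_list):
    """Simplified prefix model: an entry ending in '/' matches that directory
    and everything below it; an entry without it is a plain string prefix."""
    as_dir = path.rstrip("/") + "/"
    for entry in filter(None, basedir_list.split(":")):
        hit = as_dir.startswith(entry) if entry.endswith("/") else path.startswith(entry)
        if hit:
            return True
    return False

def classify(line, vhost=VHOST):
    m = OBD.search(line)
    if m:
        # Symptom from this bug: the logged list is not the vhost's list,
        # and the vhost's own list would have allowed the path.
        if m["allowed"] != vhost["open_basedir"] and within(m["path"], vhost["open_basedir"]):
            return "open_basedir: not evaluated against vhost list"
        return "open_basedir: consistent with vhost list"
    m = SAFE.search(line)
    if m:
        if not vhost["safe_mode"]:
            return "safe_mode: logged although vhost sets safe_mode 0"
        return "safe_mode: uid %s vs owner %s" % (m["uid"], m["owner"])
    return "unclassified"

def triage(lines, vhost=VHOST):
    return [classify(line, vhost) for line in lines]
```
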
Comment 3 Marcel Meckel 2005-11-13 05:43:49 UTC
.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2005-11-13 05:58:32 UTC
Bleh, I guess I should have my morning coffee first before closing bugs... 
Comment 5 Romang 2006-01-04 06:29:51 UTC
Hello,

Same strange behaviour :

safe_mode = On

Then into apache conf
                     
<VirtualHost *:80>
        DocumentRoot /var/www/vhosts/www.website.xxx/htdocs
        ServerName www.website.xxx
        ErrorLog /var/www/vhosts/www.website.xxx/logs/www.website.xxx-error.log
        CustomLog /var/www/vhosts/www.website.xxx/logs/www.website.xxx-access.log combined

        php_admin_value open_basedir /var/www/vhosts/www.website.xxx:/usr/lib/php
        php_admin_value session.save_path /var/www/vhosts/www.website.xxx/phpsession

...

Error displayed when Apache is accessing a .html file !!!!

Warning: Unknown(): SAFE MODE Restriction in effect. The script whose uid is 0 is not allowed to access /var/www/vhosts/www.website.xxx owned by uid 81 in Unknown on line 0

Regards
Comment 6 Sebastian Bergmann (RETIRED) gentoo-dev 2006-01-20 01:24:07 UTC
dev-php/php, dev-php/mod_php, and dev-php/php-cgi have been replaced by dev-lang/php.

Please upgrade (following the guide at http://svn.gnqs.org/projects/gentoo-php-overlay/file/docs/php-upgrading.html?format=raw) to the new-style PHP package and open a new bug if the problem persists.

Thank you.