Since my update to PHP 5.1.4 with hardening patch, all apps with calls to the function file_exists() (and possibly others) give error messages when open_basedir is set. Live demo: ;-) http://www.serversite-linux.org/ (at the very bottom) http://www.radsport-libber.de/shop/catalog/ (Although the open_basedir parameters are set correctly and have worked fine before.) The problem is also discussed at: http://forum.hardened-php.net/viewtopic.php?pid=265 According to that discussion, there seems to be an update to the hardening patch; so it might be a good idea to update the ebuild. ----------------------------------------------------------- # emerge --info Portage 2.1_rc1-r2 (hardened/x86/2.6, gcc-3.3.6, glibc-2.3.6-r4, 2.6.11-hardened-r15 i686) ================================================================= System uname: 2.6.11-hardened-r15 i686 AMD Athlon(tm) XP 3000+ Gentoo Base System version 1.12.0_pre19 dev-lang/python: 2.3.5, 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r5 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i386-pc-linux-gnu" CFLAGS="-march=athlon-xp -pipe -O2" CHOST="i386-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -pipe -O2" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://85.25.128.62 ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo" LINGUAS="en de fr nl" MAKEOPTS="-j2" PKGDIR="/usr/portage//packages/x86/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="acpi apache2 berkdb clamav crypt dlloader hardened hardenedphp imap libwww maildir mysql ncurses nls nptl nptlonly pam pam-mysql perl php4 pic readline sasl ssl tcpd unicode userlocales vhosts x86 zlib elibc_glibc kernel_linux linguas_en linguas_de linguas_fr linguas_nl userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
FYI: I have worked around the error on the radsport-libber.de site, as this is a customer's site and it needs to work fine. So there are no errors to see there at the moment.
Please don't take wild guesses at who you think should be assigned to packages. +hardened-php is completely separate from the hardened team. The php package and patches are maintained by our php team. Here is a tool to help you quickly identify who maintains a given package. http://dev.gentoo.org/~solar/portage_misc/epkginfo
Yeah, this is a known bug in Hardened-PHP 0.4.9 (which we include atm), I'll update the packages to use 0.4.11 (which fixes it) tomorrow evening, and fix 1-2 other bugs while I'm at it. :) Best regards, CHTEKK.
*bump* Sorry for bumping, but this is (a) an annoying bug and (b) not hard to fix. (It actually _is_ fixed.) So it would be very nice if someone could update the package. Thank you very much.
It would be great! :-) (hardened-php patch upgrade to v0.4.11) Many thanks!
dev-lang/php-4.4.2-r3 and dev-lang/php-5.1.4-r1 are in the tree now, which fix this issue, among a couple of others, and update the Hardened-PHP patch to 0.4.11. Sorry for the delay! Best regards, CHTEKK.
