| Summary: | dev-lang/php-8.1.5 - sandbox issue | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Toralf Förster <toralf> |
| Component: | Current packages | Assignee: | PHP Bugs <php-bugs> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | CC: | mjo |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 839747 | | |
| Attachments: | emerge-info.txt, dev-lang:php-8.1.5:20220421-114313.log.bz2, emerge-history.txt, etc.portage.tar.bz2, logs.tar.bz2 | | |
Description
Toralf Förster
2022-04-21 12:30:23 UTC
Created attachment 772613
emerge-info.txt
Created attachment 772616
dev-lang:php-8.1.5:20220421-114313.log.bz2
Created attachment 772619
emerge-history.txt
Created attachment 772622
etc.portage.tar.bz2
Created attachment 772625
logs.tar.bz2
* ----------------------- SANDBOX ACCESS VIOLATION SUMMARY -----------------------
* LOG FILE: "/var/tmp/portage/dev-lang/php-8.1.5/temp/sandbox.log"
*
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: chmod
S: deny
P: /etc/passwd
A: /etc/passwd
R: /etc/passwd
C: /var/tmp/portage/dev-lang/php-8.1.5/work/sapis-build/cli/sapi/cli/php -n -d output_handler= -d open_basedir= -d disable_functions= -d output_buffering=Off -d error_reporting=32767 -d display_errors=1 -d display_startup_errors=1 -d log_errors=0 -d html_errors=0 -d track_errors=0 -d report_memleaks=1 -d report_zend_debug=0 -d docref_root= -d docref_ext=.html -d error_prepend_string= -d error_append_string= -d auto_prepend_file= -d auto_append_file= -d ignore_repeated_errors=0 -d precision=14 -d serialize_precision=-1 -d memory_limit=128M -d opcache.fast_shutdown=0 -d opcache.file_update_protection=0 -d opcache.revalidate_freq=0 -d opcache.jit_hot_loop=1 -d opcache.jit_hot_func=1 -d opcache.jit_hot_return=1 -d opcache.jit_hot_side_exit=1 -d zend.assertions=1 -d zend.exception_ignore_args=0 -d zend.exception_string_param_max_len=15 -d short_open_tag=0 -d session.save_path=/var/tmp/portage/dev-lang/php-8.1.5/temp -d session.auto_start=0 -d zlib.output_compression=Off -f /var/tmp/portage/dev-lang/php-8.1.5/work/php-8.1.5/ext/standard/tests/file/006_error.php

F: chmod
S: deny
P: /etc
A: /etc
R: /etc
C: /var/tmp/portage/dev-lang/php-8.1.5/work/sapis-build/cli/sapi/cli/php -n -d output_handler= -d open_basedir= -d disable_functions= -d output_buffering=Off -d error_reporting=32767 -d display_errors=1 -d display_startup_errors=1 -d log_errors=0 -d html_errors=0 -d track_errors=0 -d report_memleaks=1 -d report_zend_debug=0 -d docref_root= -d docref_ext=.html -d error_prepend_string= -d error_append_string= -d auto_prepend_file= -d auto_append_file= -d ignore_repeated_errors=0 -d precision=14 -d serialize_precision=-1 -d memory_limit=128M -d opcache.fast_shutdown=0 -d opcache.file_update_protection=0 -d opcache.revalidate_freq=0 -d opcache.jit_hot_loop=1 -d opcache.jit_hot_func=1 -d opcache.jit_hot_return=1 -d opcache.jit_hot_side_exit=1 -d zend.assertions=1 -d zend.exception_ignore_args=0 -d zend.exception_string_param_max_len=15 -d short_open_tag=0 -d session.save_path=/var/tmp/portage/dev-lang/php-8.1.5/temp -d session.auto_start=0 -d zlib.output_compression=Off -f /var/tmp/portage/dev-lang/php-8.1.5/work/php-8.1.5/ext/standard/tests/file/006_error.php

F: mkdir
S: deny
P: testtmpskipifdir
A: /testtmpskipifdir
R: /testtmpskipifdir
C: /var/tmp/portage/dev-lang/php-8.1.5/work/sapis-build/cli/sapi/cli/php -n -q -d output_handler= -d open_basedir= -d disable_functions= -d output_buffering=Off -d error_reporting=32767 -d display_errors=1 -d display_startup_errors=1 -d log_errors=0 -d html_errors=0 -d track_errors=0 -d report_memleaks=1 -d report_zend_debug=0 -d docref_root= -d docref_ext=.html -d error_prepend_string= -d error_append_string= -d auto_prepend_file= -d auto_append_file= -d ignore_repeated_errors=0 -d precision=14 -d serialize_precision=-1 -d memory_limit=128M -d opcache.fast_shutdown=0 -d opcache.file_update_protection=0 -d opcache.revalidate_freq=0 -d opcache.jit_hot_loop=1 -d opcache.jit_hot_func=1 -d opcache.jit_hot_return=1 -d opcache.jit_hot_side_exit=1 -d zend.assertions=1 -d zend.exception_ignore_args=0 -d zend.exception_string_param_max_len=15 -d short_open_tag=0 -d session.save_path=/var/tmp/portage/dev-lang/php-8.1.5/temp -d session.auto_start=0 -d zlib.output_compression=Off -d opcache.file_cache= -d opcache.file_cache_only=0 -d display_errors=1 -d display_startup_errors=0 /var/tmp/portage/dev-lang/php-8.1.5/work/php-8.1.5/ext/standard/tests/file/chroot_001.skip.php

F: mkdir
S: deny
P: testtmpskipifdir
A: /testtmpskipifdir
R: /testtmpskipifdir
C: /var/tmp/portage/dev-lang/php-8.1.5/work/sapis-build/cli/sapi/cli/php -n -q -d output_handler= -d open_basedir= -d disable_functions= -d output_buffering=Off -d error_reporting=32767 -d display_errors=1 -d display_startup_errors=1 -d log_errors=0 -d html_errors=0 -d track_errors=0 -d report_memleaks=1 -d report_zend_debug=0 -d docref_root= -d docref_ext=.html -d error_prepend_string= -d error_append_string= -d auto_prepend_file= -d auto_append_file= -d ignore_repeated_errors=0 -d precision=14 -d serialize_precision=-1 -d memory_limit=128M -d opcache.fast_shutdown=0 -d opcache.file_update_protection=0 -d opcache.revalidate_freq=0 -d opcache.jit_hot_loop=1 -d opcache.jit_hot_func=1 -d opcache.jit_hot_return=1 -d opcache.jit_hot_side_exit=1 -d zend.assertions=1 -d zend.exception_ignore_args=0 -d zend.exception_string_param_max_len=15 -d short_open_tag=0 -d session.save_path=/var/tmp/portage/dev-lang/php-8.1.5/temp -d session.auto_start=0 -d zlib.output_compression=Off -d opcache.file_cache= -d opcache.file_cache_only=0 -d display_errors=1 -d display_startup_errors=0 /var/tmp/portage/dev-lang/php-8.1.5/work/php-8.1.5/ext/standard/tests/file/mkdir-004.skip.php
* --------------------------------------------------------------------------------

(I'm not sure why my sandbox isn't complaining about these?)

006_error.phpt tries to make /etc and /etc/passwd world-writable if your uid isn't 0, and expects to fail. This is a security issue (reported upstream), and not really something we should be trying to do in the first place.

chroot_001.phpt is only supposed to run if you're root, but the check to see if you're root involves writing to the live filesystem (mkdir /testtmpskipifdir). No one should ever run the test suite as root in the first place, but it would be easy enough to replace that check with something sandbox-friendly.

mkdir-004.phpt is intended to be run as root, but has the same problematic check as chroot_001.phpt.
Moreover, if you *are* root, the tests will mess with your filesystem:

  var_dump(mkdir("/testdir/subdir", 0777, true));
  var_dump(rmdir("/testdir/subdir"));
  var_dump(rmdir("/testdir"));

That's bad for all kinds of reasons, and I don't see a way to salvage it.

In short: chroot might be fixed, but the other two can just be deleted. Or all three can be deleted.

NB: it looks like the EXPECTED_TEST_FAILURES stuff in our ebuilds is obsolete -- the variable is never defined.

These are all hopefully fixed by https://github.com/php/php-src/pull/13566/

I don't know for sure that the chroot() test will work as expected in our sandbox, but the pre-check that writes to the root filesystem is now gone. I have high hopes.
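
One way to triage a sandbox.log like the one quoted in this report, as an added example that is not part of the bug report or of Portage: it parses the F/S/P/A/R/C records and groups the denied calls by the test script named last on the command line. The sample log is constructed (command lines shortened, paths under /work invented) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the sandbox.log layout quoted above (command lines shortened).
SAMPLE_LOG = """\
FORMAT: F - Function called
F: chmod
S: deny
P: /etc/passwd
A: /etc/passwd
R: /etc/passwd
C: /work/sapi/cli/php -n -d open_basedir= -f /work/tests/file/006_error.php
F: chmod
S: deny
P: /etc
A: /etc
R: /etc
C: /work/sapi/cli/php -n -d open_basedir= -f /work/tests/file/006_error.php
F: mkdir
S: deny
P: testtmpskipifdir
A: /testtmpskipifdir
R: /testtmpskipifdir
C: /work/sapi/cli/php -n -q -d open_basedir= /work/tests/file/chroot_001.skip.php
"""

# One-letter field tag, colon, value; "FORMAT: ..." legend lines do not match.
FIELD = re.compile(r"^([FSPARC]):\s?(.*)$")

def parse_violations(text):
    """Return one dict per record; a record starts at each 'F:' line."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m and m.group(1) == "F":
            records.append({})
        if m and records:
            records[-1][m.group(1)] = m.group(2)
    return records

def denied_by_script(records):
    """Map each script (last word of C:) to its denied (call, canonical path) pairs."""
    out = defaultdict(set)
    for r in records:
        argv = r.get("C", "").split()
        if r.get("S") == "deny" and argv:
            script = argv[-1].rsplit("/", 1)[-1]
            out[script].add((r["F"], r.get("R", r.get("P", ""))))
    return {script: sorted(hits) for script, hits in out.items()}
```

Grouping on the canonical path (R) rather than the path as passed (P) keeps relative arguments such as `testtmpskipifdir` from hiding that the write landed in the root directory.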