I presume you are aware that a) -current has this patch in its PHP port,
and b) 4.0 (at least) has a -hardened flavour which, while it uses
another patch, is pretty comparable?

Yes. 5.1.6 is in -CURRENT ports and uses Suhosin, but this is still a couple of versions behind. Under normal circumstances I always use what is in ports & packages, but I have a public facing webserver (with PHP apps I just can't drop) which I am concerned about and from reading the PHP changelogs there have been quite a few security fixes (as usual) in 5.2.0 and now 5.2.1.

Anyway, further digging into this problem led me to read the CVS logs for PHP, where I found a newer version of the posix.c file. I replaced 5.2.1's ext/posix/posix.c with that newer version and make now succeeds. The patch is below. I am still reading through Robert's patches to 5.1.6 in -CURRENT to see what applies to 5.2.1...

patch-posix.c
====================

--- ext/posix/posix.c.orig      Fri Jan 12 01:46:11 2007
+++ ext/posix/posix.c   Mon Feb 19 13:04:11 2007
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */

-/* $Id: posix.c,v 1.70.2.3.2.12 2007/01/12 01:46:11 iliaa Exp $ */
+/* $Id: posix.c,v 1.92 2007/02/10 00:50:29 tony2001 Exp $ */

#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -147,7 +147,7 @@
static PHP_MINFO_FUNCTION(posix)
{
        php_info_print_table_start();
-       php_info_print_table_row(2, "Revision", "$Revision: 1.70.2.3.2.12 $");
+       php_info_print_table_row(2, "Revision", "$Revision: 1.92 $");
        php_info_print_table_end();
}
/* }}} */
@@ -224,7 +224,7 @@
        }       \
        RETURN_TRUE;

-/* {{{ proto bool posix_kill(int pid, int sig)
+/* {{{ proto bool posix_kill(int pid, int sig) U
   Send a signal to a process (POSIX.1, 3.3.2) */

PHP_FUNCTION(posix_kill)
@@ -244,7 +244,7 @@
}
/* }}} */

-/* {{{ proto int posix_getpid(void)
+/* {{{ proto int posix_getpid(void) U
   Get the current process id (POSIX.1, 4.1.1) */
PHP_FUNCTION(posix_getpid)
{
@@ -252,7 +252,7 @@
}
/* }}} */

-/* {{{ proto int posix_getppid(void)
+/* {{{ proto int posix_getppid(void) U
   Get the parent process id (POSIX.1, 4.1.1) */
PHP_FUNCTION(posix_getppid)
{
@@ -260,7 +260,7 @@
}
/* }}} */

-/* {{{ proto int posix_getuid(void)
+/* {{{ proto int posix_getuid(void) U
   Get the current user id (POSIX.1, 4.2.1) */
PHP_FUNCTION(posix_getuid)
{
@@ -268,7 +268,7 @@
}
/* }}} */

-/* {{{ proto int posix_getgid(void)
+/* {{{ proto int posix_getgid(void) U
   Get the current group id (POSIX.1, 4.2.1) */
PHP_FUNCTION(posix_getgid)
{
@@ -276,7 +276,7 @@
}
/* }}} */

-/* {{{ proto int posix_geteuid(void)
+/* {{{ proto int posix_geteuid(void) U
   Get the current effective user id (POSIX.1, 4.2.1) */
PHP_FUNCTION(posix_geteuid)
{
@@ -284,7 +284,7 @@
}
/* }}} */

-/* {{{ proto int posix_getegid(void)
+/* {{{ proto int posix_getegid(void) U
   Get the current effective group id (POSIX.1, 4.2.1) */
PHP_FUNCTION(posix_getegid)
{
@@ -292,7 +292,7 @@
}
/* }}} */

-/* {{{ proto bool posix_setuid(long uid)
+/* {{{ proto bool posix_setuid(int uid) U
   Set user id (POSIX.1, 4.2.2) */
PHP_FUNCTION(posix_setuid)
{
@@ -300,7 +300,7 @@
}
/* }}} */

-/* {{{ proto bool posix_setgid(int uid)
+/* {{{ proto bool posix_setgid(int uid) U
   Set group id (POSIX.1, 4.2.2) */
PHP_FUNCTION(posix_setgid)
{
@@ -308,7 +308,7 @@
}
/* }}} */

-/* {{{ proto bool posix_seteuid(long uid)
+/* {{{ proto bool posix_seteuid(int uid) U
   Set effective user id */
#ifdef HAVE_SETEUID
PHP_FUNCTION(posix_seteuid)
@@ -318,7 +318,7 @@
#endif
/* }}} */

-/* {{{ proto bool posix_setegid(long uid)
+/* {{{ proto bool posix_setegid(int uid) U
   Set effective group id */
#ifdef HAVE_SETEGID
PHP_FUNCTION(posix_setegid)
@@ -328,7 +328,7 @@
#endif
/* }}} */

-/* {{{ proto array posix_getgroups(void)
+/* {{{ proto array posix_getgroups(void) U
   Get supplementary group id's (POSIX.1, 4.2.3) */
#ifdef HAVE_GETGROUPS
PHP_FUNCTION(posix_getgroups)
@@ -372,7 +372,7 @@
#endif
/* }}} */

-/* {{{ proto int posix_getpgrp(void)
+/* {{{ proto int posix_getpgrp(void) U
   Get current process group id (POSIX.1, 4.3.1) */
PHP_FUNCTION(posix_getpgrp)
{
@@ -380,7 +380,7 @@
}
/* }}} */

-/* {{{ proto int posix_setsid(void)
+/* {{{ proto int posix_setsid(void) U
   Create session and set process group id (POSIX.1, 4.3.2) */
#ifdef HAVE_SETSID
PHP_FUNCTION(posix_setsid)
@@ -390,7 +390,7 @@
#endif
/* }}} */

-/* {{{ proto bool posix_setpgid(int pid, int pgid)
+/* {{{ proto bool posix_setpgid(int pid, int pgid) U
   Set process group id for job control (POSIX.1, 4.3.3) */
PHP_FUNCTION(posix_setpgid)
{
@@ -409,7 +409,7 @@
}
/* }}} */

-/* {{{ proto int posix_getpgid(void)
+/* {{{ proto int posix_getpgid(void) U
Get the process group id of the specified process (This is not a POSIX function, but a SVR4ism, so we compile conditionally) */
#ifdef HAVE_GETPGID
PHP_FUNCTION(posix_getpgid)
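Review bot: The proto line touched here still declares `posix_getpgid(void)`, while its own description says the function returns the process group id "of the specified process". If the function takes a process id, as the description implies, the line should read `proto int posix_getpgid(int pid) U`. The posix_getsid proto in the next hunk may need the same correction, and its description contains the typo "so be compile conditionally" (`so we compile conditionally`). Both function bodies lie outside these hunks, so the parameter should be confirmed against their `zend_parse_parameters` calls.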
@@ -428,7 +428,7 @@
#endif
/* }}} */

-/* {{{ proto int posix_getsid(void)
+/* {{{ proto int posix_getsid(void) U
Get process group id of session leader (This is not a POSIX function, but a SVR4ism, so be compile conditionally) */
#ifdef HAVE_GETSID
PHP_FUNCTION(posix_getsid)
@@ -447,7 +447,7 @@
#endif
/* }}} */

-/* {{{ proto array posix_uname(void)
+/* {{{ proto array posix_uname(void)
   Get system name (POSIX.1, 4.4.1) */
PHP_FUNCTION(posix_uname)
{
@@ -528,7 +528,7 @@
/* }}} */

/* Checks if the provides resource is a stream and if it provides a file descriptor */
-static int php_posix_stream_get_fd(zval *zfp, int *fd TSRMLS_DC)
+static int php_posix_stream_get_fd(zval *zfp, int *fd TSRMLS_DC) /* {{{ */
{
        php_stream *stream;

@@ -547,6 +547,7 @@
        }
        return 1;
}
+/* }}} */

/* {{{ proto string posix_ttyname(int fd)
   Determine terminal device name (POSIX.1, 4.7.2) */
@@ -596,7 +597,7 @@
}
/* }}} */

-/* {{{ proto bool posix_isatty(int fd)
+/* {{{ proto bool posix_isatty(int fd) U
   Determine if filedesc is a tty (POSIX.1, 4.7.1) */
PHP_FUNCTION(posix_isatty)
{
@@ -674,10 +675,6 @@
                RETURN_FALSE;
        }

- if (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
-               RETURN_FALSE;
-       }
-
        result = mkfifo(path, mode);
        if (result < 0) {
                POSIX_G(last_error) = errno;
@@ -708,8 +705,7 @@
                RETURN_FALSE;
        }

-       if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
- (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
+       if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
                RETURN_FALSE;
        }
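Review bot: The new condition checks only `php_check_open_basedir_ex()`, so this path-taking function no longer honours `safe_mode`; the same `PG(safe_mode) && !php_checkuid...` test is also dropped in the preceding hunk at @@ -674 (before `mkfifo()`) and in the later hunk at @@ -792. The revision header moves from 1.70.2.3.2.12 to 1.92, which suggests the file was written for a branch without safe_mode, while the post applies it to a 5.2.1 tree where the setting still exists. A server that relies on safe_mode would silently lose the ownership check for these calls. When carrying this file into 5.2.1, keep the original condition, `if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {`, and retain the removed checks in the other two hunks as well. The enclosing function starts and ends outside this hunk.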

@@ -744,7 +740,9 @@

/* Takes a pointer to posix group and a pointer to an already initialized ZVAL
 * array container and fills the array with the posix group member data. */
-int php_posix_group_to_array(struct group *g, zval *array_group) {
+
+int php_posix_group_to_array(struct group *g, zval *array_group) /* {{{ */
+{
        zval *array_members;
        int count;

@@ -766,6 +764,7 @@
        add_assoc_long(array_group, "gid", g->gr_gid);
        return 1;
}
+/* }}} */

/*
        POSIX.1, 5.5.1 unlink()
@@ -792,8 +791,7 @@
                RETURN_FALSE;
        }

-       if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
- (PG(safe_mode) && (!php_checkuid_ex(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS)))) {
+       if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) {
                efree(path);
                POSIX_G(last_error) = EPERM;
                RETURN_FALSE;
@@ -872,7 +870,7 @@
PHP_FUNCTION(posix_getgrgid)
{
        long gid;
-#ifdef HAVE_GETGRGID_R
+#if defined(ZTS) && defined(HAVE_GETGRGID_R) && defined(_SC_GETGR_R_SIZE_MAX)
        int ret;
        struct group _g;
        struct group *retgrptr;
@@ -884,7 +882,7 @@
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &gid) == FAILURE) {
                RETURN_FALSE;
        }
-#ifdef HAVE_GETGRGID_R
+#if defined(ZTS) && defined(HAVE_GETGRGID_R) && defined(_SC_GETGR_R_SIZE_MAX)

        grbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
        grbuf = emalloc(grbuflen);
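Review bot: The result of `sysconf(_SC_GETGR_R_SIZE_MAX)` is passed straight to `emalloc()` on the last two lines of this hunk, but sysconf() may return -1 when the limit is indeterminate. Depending on the type of `grbuflen` (declared outside the hunk), that becomes either an enormous allocation request or a buffer size that the later reentrant lookup cannot use safely. The new `#if` guard only establishes that the constant is defined, not that the call succeeds. Add a check before the allocation, e.g. `if (grbuflen < 1) { RETURN_FALSE; }`. The body of posix_getgrgid starts and ends outside this hunk.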
@@ -909,13 +907,14 @@
php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to convert posix group struct to array");
                RETVAL_FALSE;
        }
-#ifdef HAVE_GETGRGID_R
+#if defined(ZTS) && defined(HAVE_GETGRGID_R) && defined(_SC_GETGR_R_SIZE_MAX)
        efree(grbuf);
#endif
}
/* }}} */

-int php_posix_passwd_to_array(struct passwd *pw, zval *return_value) {
+int php_posix_passwd_to_array(struct passwd *pw, zval *return_value) /* {{{ */
+{
        if (NULL == pw)
                return 0;
        if (NULL == return_value || Z_TYPE_P(return_value) != IS_ARRAY)
@@ -930,6 +929,7 @@
        add_assoc_string(return_value, "shell",     pw->pw_shell, 1);
        return 1;
}
+/* }}} */

/* {{{ proto array posix_getpwnam(string groupname)
   User database access (POSIX.1, 9.2.2) */
@@ -1037,7 +1037,8 @@

/* {{{ posix_addlimit
 */
-static int posix_addlimit(int limit, char *name, zval *return_value TSRMLS_DC) {
+static int posix_addlimit(int limit, char *name, zval *return_value TSRMLS_DC)
+{
        int result;
        struct rlimit rl;
        char hard[80];
@@ -1148,7 +1149,7 @@

#endif /* HAVE_GETRLIMIT */

-/* {{{ proto int posix_get_last_error(void)
+/* {{{ proto int posix_get_last_error(void) U
Retrieve the error number set by the last posix function which failed. */
PHP_FUNCTION(posix_get_last_error)
{

==================
Regards,
Nick
