Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:19666 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 56605 invoked by uid 1010); 19 Oct 2005 01:45:42 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 56589 invoked from network); 19 Oct 2005 01:45:42 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Oct 2005 01:45:42 -0000 X-Host-Fingerprint: 137.111.1.11 sunb.ocs.mq.edu.au Solaris 2.5-7 Received: from ([137.111.1.11:51341] helo=sunb.ocs.mq.edu.au) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id EC/D0-22302-445A5534 for ; Tue, 18 Oct 2005 21:45:41 -0400 Received: from gwc2cn01.its.mq.edu.au (gwc2cn01.its.mq.edu.au [137.111.2.76]) by sunb.ocs.mq.edu.au (8.10.2/8.10.2) with ESMTP id j9J1glF07287 for ; Wed, 19 Oct 2005 11:42:48 +1000 (EST) Received: from IA01DM-MTA by gwc2cn01.its.mq.edu.au with Novell_GroupWise; Tue, 18 Oct 2005 10:31:34 +1000 Message-ID: X-Mailer: Novell GroupWise Internet Agent 6.5.3 Date: Tue, 18 Oct 2005 10:31:22 +1000 To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: is_writable & ACLs (Bug #14923) From: Simon.Kissane@its.mq.edu.au ("Simon Kissane") Hi Bug #14923 concerns PHP's is_writable, etc., functions & POSIX ACLs. Likewise, Bug #30931 concerns the same thing. According to this bug, PHP is not using the access() system call to determine file access, but doing its own computation based on the file's uid, gid, groups & mode. Now, the bug tracking system reports that sterling fixed this in CVS on 2 Jul 2002. However, my testing in PHP 5.0.5 indicates this bug is still there. Comments of various people in #30931 confirm this. #30931 was marked "no feedback"... And examining the PHP source code for 5.0.5 (ext/standard/filestat.c), I see it is still doing its on computation rather than calling the access() system call. Under 4.3.11, I observe in the same file that it is calling VCWD_ACCESS, but only under WIN32. Using access() rather than doing a computation based on access modes is the "Right Thing To Do", since most modern OSs support significantly more complex security architectures than can be expressed using traditional unix permissions. And frankly, how the OS' security model works in not something PHP should be concerned with. It should simply ask the OS to do all that working out for it... Cheers Simon Kissane ---------------------------------------------- Simon Kissane Web Developer/Programmer Macquarie University 2109 Simon.Kissane@mq.edu.au +61 2 9850 6552 ----------------------------------------------