Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:31361
Return-Path: <ilia@prohost.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 52951 invoked by uid 1010); 2 Aug 2007 01:26:13 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 52928 invoked from network); 2 Aug 2007 01:26:12 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Aug 2007 01:26:12 -0000
Authentication-Results: pb1.pair.com header.from=ilia@prohost.org; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=ilia@prohost.org; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain prohost.org from 64.233.166.177 cause and error)
X-PHP-List-Original-Sender: ilia@prohost.org
X-Host-Fingerprint: 64.233.166.177 py-out-1112.google.com  
Received: from [64.233.166.177] ([64.233.166.177:11812] helo=py-out-1112.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F0/C0-43474-EA231B64 for <internals@lists.php.net>; Wed, 01 Aug 2007 21:26:08 -0400
Received: by py-out-1112.google.com with SMTP id f31so1209619pyh
        for <internals@lists.php.net>; Wed, 01 Aug 2007 18:26:04 -0700 (PDT)
Received: by 10.64.220.8 with SMTP id s8mr2210696qbg.1186017963667;
        Wed, 01 Aug 2007 18:26:03 -0700 (PDT)
Received: from ?192.168.1.110? ( [99.246.70.178])
        by mx.google.com with ESMTPS id f16sm640661qba.2007.08.01.18.26.02
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 01 Aug 2007 18:26:02 -0700 (PDT)
In-Reply-To: <46B129BE.3050807@zend.com>
References: <46B129BE.3050807@zend.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-ID: <DAEB7BF7-6892-4823-9B5C-CCEDE4532462@prohost.org>
Cc: 'PHP Internals' <internals@lists.php.net>
Content-Transfer-Encoding: 7bit
Date: Wed, 1 Aug 2007 21:26:00 -0400
To: Stanislav Malyshev <stas@zend.com>
X-Mailer: Apple Mail (2.752.3)
Subject: Re: [PHP-DEV] ini system patch
From: ilia@prohost.org (Ilia Alshanetsky)

Stas,

It looks like the best solution in this case. I don't like the idea  
of introducing another INI stage in minor release, but I can't think  
of a better way to address this issue at this time and I cannot  
imagine it breaking much stuff.

On 1-Aug-07, at 8:47 PM, Stanislav Malyshev wrote:

> Hi!
>
> The attached patch implements the following improvement in Apache  
> module configuration handling:
>
> New INI stage is introduced - ZEND_INI_STAGE_HTACCESS and values  
> set in .htaccess are passed to handlers with  
> ZEND_INI_STAGE_HTACCESS instead of ZEND_INI_STAGE_ACTIVATE.
>
> The reason for this is that there are values - one of them being  
> session.save_handler - that we want to allow administrator to set  
> to arbitrary values, even not inside open_basedir/safe_mode  
> restrictions, while we do want user-set values to be inside limits.  
> The problem was that right now there's no way to see if the value  
> is set from httpd.conf (admin) or from .htaccess (frequently user- 
> accessible and user-writable). This patch enables to make such  
> distinction.
> I don't see any modules depending on ZEND_INI_STAGE_ACTIVATE but if  
> there would be they can easily be fixed to work with  
> ZEND_INI_STAGE_HTACCESS too. The attached patch is for apache2 SAPI  
> only, but same one would be needed for apache1 API.
>
> This patch will allow proper fix for CVE-2007-3378 (current one  
> breaks BC).
>
> Comments/objections?
> -- 
> Stanislav Malyshev, Zend Software Architect
> stas@zend.com   http://www.zend.com/
> (408)253-8829   MSN: stas@zend.com
> Index: Zend/zend_ini.h
> ===================================================================
> RCS file: /repository/ZendEngine2/zend_ini.h,v
> retrieving revision 1.34.2.1.2.3
> diff -u -r1.34.2.1.2.3 zend_ini.h
> --- Zend/zend_ini.h	1 Jan 2007 09:35:46 -0000	1.34.2.1.2.3
> +++ Zend/zend_ini.h	2 Aug 2007 00:40:52 -0000
> @@ -189,6 +189,7 @@
>  #define ZEND_INI_STAGE_ACTIVATE		(1<<2)
>  #define ZEND_INI_STAGE_DEACTIVATE	(1<<3)
>  #define ZEND_INI_STAGE_RUNTIME		(1<<4)
> +#define ZEND_INI_STAGE_HTACCESS		(1<<5)
>
>  /* INI parsing engine */
>  typedef void (*zend_ini_parser_cb_t)(zval *arg1, zval *arg2, int  
> callback_type, void *arg);
> Index: sapi/apache2handler/apache_config.c
> ===================================================================
> RCS file: /repository/php-src/sapi/apache2handler/apache_config.c,v
> retrieving revision 1.7.2.1.2.2
> diff -u -r1.7.2.1.2.2 apache_config.c
> --- sapi/apache2handler/apache_config.c	1 Jan 2007 09:36:12 -0000	 
> 1.7.2.1.2.2
> +++ sapi/apache2handler/apache_config.c	2 Aug 2007 00:40:52 -0000
> @@ -51,6 +51,7 @@
>  	char *value;
>  	size_t value_len;
>  	char status;
> +    char htaccess;
>  } php_dir_entry;
>
>  static const char *real_value_hnd(cmd_parms *cmd, void *dummy,  
> const char *name, const char *value, int status)
> @@ -67,7 +68,8 @@
>  	e.value = apr_pstrdup(cmd->pool, value);
>  	e.value_len = strlen(value);
>  	e.status = status;
> -	
> +	e.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0);
> +
>  	zend_hash_update(&d->config, (char *) name, strlen(name) + 1, &e,  
> sizeof(e), NULL);
>  	return NULL;
>  }
> @@ -170,7 +172,7 @@
>  			zend_hash_move_forward(&d->config)) {
>  		zend_hash_get_current_data(&d->config, (void **) &data);
>  		phpapdebug((stderr, "APPLYING (%s)(%s)\n", str, data->value));
> -		if (zend_alter_ini_entry(str, str_len, data->value, data- 
> >value_len, data->status, PHP_INI_STAGE_ACTIVATE) == FAILURE) {
> +		if (zend_alter_ini_entry(str, str_len, data->value, data- 
> >value_len, data->status, data->htaccess? 
> ZEND_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
>  			phpapdebug((stderr, "..FAILED\n"));
>  		}	
>  	}
>
> -- 
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php

Ilia Alshanetsky