Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:31375
Return-Path: <ilia@prohost.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 2342 invoked by uid 1010); 2 Aug 2007 12:15:20 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 2326 invoked from network); 2 Aug 2007 12:15:20 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Aug 2007 12:15:20 -0000
Authentication-Results: pb1.pair.com smtp.mail=ilia@prohost.org; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=ilia@prohost.org; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain prohost.org from 64.233.166.179 cause and error)
X-PHP-List-Original-Sender: ilia@prohost.org
X-Host-Fingerprint: 64.233.166.179 py-out-1112.google.com  
Received: from [64.233.166.179] ([64.233.166.179:5710] helo=py-out-1112.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id DF/E1-06390-5DAC1B64 for <internals@lists.php.net>; Thu, 02 Aug 2007 08:15:19 -0400
Received: by py-out-1112.google.com with SMTP id f31so1561044pyh
        for <internals@lists.php.net>; Thu, 02 Aug 2007 05:15:15 -0700 (PDT)
Received: by 10.35.128.1 with SMTP id f1mr2721020pyn.1186056915174;
        Thu, 02 Aug 2007 05:15:15 -0700 (PDT)
Received: from ?192.168.1.119? ( [204.101.63.110])
        by mx.google.com with ESMTPS id f79sm2181788pyh.2007.08.02.05.15.14
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 02 Aug 2007 05:15:14 -0700 (PDT)
In-Reply-To: <403752205.20070802134118@marcus-boerger.de>
References: <46B129BE.3050807@zend.com> <DAEB7BF7-6892-4823-9B5C-CCEDE4532462@prohost.org> <403752205.20070802134118@marcus-boerger.de>
Mime-Version: 1.0 (Apple Message framework v752.3)
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-ID: <79496594-20B5-40C4-AC22-1F3DE99BA695@prohost.org>
Cc: PHP Internals <internals@lists.php.net>
Content-Transfer-Encoding: 7bit
Date: Thu, 2 Aug 2007 08:15:13 -0400
To: Marcus Boerger <helly@php.net>
X-Mailer: Apple Mail (2.752.3)
Subject: Re: [PHP-DEV] ini system patch
From: ilia@prohost.org (Ilia Alshanetsky)

Marcus,

Well, do you propose we leave the issue be until 5.3?


On 2-Aug-07, at 7:41 AM, Marcus Boerger wrote:

> Hello Ilia,
>
>   as much as i agree with ading the stage it is a BC issue!
>
> Thursday, August 2, 2007, 3:26:00 AM, you wrote:
>
>> Stas,
>
>> It looks like the best solution in this case. I don't like the idea
>> of introducing another INI stage in minor release, but I can't think
>> of a better way to address this issue at this time and I cannot
>> imagine it breaking much stuff.
>
>> On 1-Aug-07, at 8:47 PM, Stanislav Malyshev wrote:
>
>>> Hi!
>>>
>>> The attached patch implements the following improvement in Apache
>>> module configuration handling:
>>>
>>> New INI stage is introduced - ZEND_INI_STAGE_HTACCESS and values
>>> set in .htaccess are passed to handlers with
>>> ZEND_INI_STAGE_HTACCESS instead of ZEND_INI_STAGE_ACTIVATE.
>>>
>>> The reason for this is that there are values - one of them being
>>> session.save_handler - that we want to allow administrator to set
>>> to arbitrary values, even not inside open_basedir/safe_mode
>>> restrictions, while we do want user-set values to be inside limits.
>>> The problem was that right now there's no way to see if the value
>>> is set from httpd.conf (admin) or from .htaccess (frequently user-
>>> accessible and user-writable). This patch enables to make such
>>> distinction.
>>> I don't see any modules depending on ZEND_INI_STAGE_ACTIVATE but if
>>> there would be they can easily be fixed to work with
>>> ZEND_INI_STAGE_HTACCESS too. The attached patch is for apache2 SAPI
>>> only, but same one would be needed for apache1 API.
>>>
>>> This patch will allow proper fix for CVE-2007-3378 (current one
>>> breaks BC).
>>>
>>> Comments/objections?
>>> --  
>>> Stanislav Malyshev, Zend Software Architect
>>> stas@zend.com   http://www.zend.com/
>>> (408)253-8829   MSN: stas@zend.com
>>> Index: Zend/zend_ini.h
>>> ===================================================================
>>> RCS file: /repository/ZendEngine2/zend_ini.h,v
>>> retrieving revision 1.34.2.1.2.3
>>> diff -u -r1.34.2.1.2.3 zend_ini.h
>>> --- Zend/zend_ini.h   1 Jan 2007 09:35:46 -0000       1.34.2.1.2.3
>>> +++ Zend/zend_ini.h   2 Aug 2007 00:40:52 -0000
>>> @@ -189,6 +189,7 @@
>>>  #define ZEND_INI_STAGE_ACTIVATE              (1<<2)
>>>  #define ZEND_INI_STAGE_DEACTIVATE    (1<<3)
>>>  #define ZEND_INI_STAGE_RUNTIME               (1<<4)
>>> +#define ZEND_INI_STAGE_HTACCESS              (1<<5)
>>>
>>>  /* INI parsing engine */
>>>  typedef void (*zend_ini_parser_cb_t)(zval *arg1, zval *arg2, int
>>> callback_type, void *arg);
>>> Index: sapi/apache2handler/apache_config.c
>>> ===================================================================
>>> RCS file: /repository/php-src/sapi/apache2handler/apache_config.c,v
>>> retrieving revision 1.7.2.1.2.2
>>> diff -u -r1.7.2.1.2.2 apache_config.c
>>> --- sapi/apache2handler/apache_config.c       1 Jan 2007 09:36:12  
>>> -0000
>>> 1.7.2.1.2.2
>>> +++ sapi/apache2handler/apache_config.c       2 Aug 2007 00:40:52  
>>> -0000
>>> @@ -51,6 +51,7 @@
>>>       char *value;
>>>       size_t value_len;
>>>       char status;
>>> +    char htaccess;
>>>  } php_dir_entry;
>>>
>>>  static const char *real_value_hnd(cmd_parms *cmd, void *dummy,
>>> const char *name, const char *value, int status)
>>> @@ -67,7 +68,8 @@
>>>       e.value = apr_pstrdup(cmd->pool, value);
>>>       e.value_len = strlen(value);
>>>       e.status = status;
>>> -
>>> +     e.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0);
>>> +
>>>       zend_hash_update(&d->config, (char *) name, strlen(name) +  
>>> 1, &e,
>>> sizeof(e), NULL);
>>>       return NULL;
>>>  }
>>> @@ -170,7 +172,7 @@
>>>                       zend_hash_move_forward(&d->config)) {
>>>               zend_hash_get_current_data(&d->config, (void **)  
>>> &data);
>>>               phpapdebug((stderr, "APPLYING (%s)(%s)\n", str,  
>>> data->value));
>>> -             if (zend_alter_ini_entry(str, str_len, data->value,  
>>> data-
>>>> value_len, data->status, PHP_INI_STAGE_ACTIVATE) == FAILURE) {
>>> +             if (zend_alter_ini_entry(str, str_len, data->value,  
>>> data-
>>>> value_len, data->status, data->htaccess?
>>> ZEND_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
>>>                       phpapdebug((stderr, "..FAILED\n"));
>>>               }
>>>       }
>>>
>>> -- 
>>> PHP Internals - PHP Runtime Development Mailing List
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>
>> Ilia Alshanetsky
>
>
>
>
> Best regards,
>  Marcus
>

Ilia Alshanetsky