Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:40098
Return-Path: <indeyets@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 4984 invoked from network); 27 Aug 2008 08:30:49 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Aug 2008 08:30:49 -0000
Authentication-Results: pb1.pair.com smtp.mail=indeyets@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=indeyets@gmail.com; sender-id=pass; domainkeys=bad
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.44.28 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: indeyets@gmail.com
X-Host-Fingerprint: 74.125.44.28 yx-out-2324.google.com  
Received: from [74.125.44.28] ([74.125.44.28:57812] helo=yx-out-2324.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 1E/30-03720-6B015B84 for <internals@lists.php.net>; Wed, 27 Aug 2008 04:30:48 -0400
Received: by yx-out-2324.google.com with SMTP id 3so1236180yxj.83
        for <internals@lists.php.net>; Wed, 27 Aug 2008 01:30:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:mime-version:content-type:content-transfer-encoding
         :content-disposition;
        bh=6LaLZwi8MoGTHDd8aMXbE/4DBWfelm2oiAb3cDaN+LM=;
        b=xmHs+IIIZF9vnDWeABu+MHouIJrNJhgMLzXOuuXPmG0sJo002WnvyMUGmkk0O1OuQz
         YO7yGkVzhncUOv87TLYagY1Je0qh4Vi9B2IsbESnYj3WFARiaMBD/VxEcOSfwXbHiqLl
         jj63SnZcx1EyXvmmISzeEU6SnGVxW9sKiS8bE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type
         :content-transfer-encoding:content-disposition;
        b=DxMojuv2o1znE1jpL7jch2uJuzaA5rW9nRqZHDcTwvgpRq78g8ei7OHzLGD1yKvsy2
         L2hrQOocRh2rc7OBW4J4cg3rOurUKLVUUyoHbNB84IFpcQiTl74bybTANF8urMZkitmt
         HJ0F0I1ZXUu6fAvsIk8x5CL4XDgsQLZ5bQaq0=
Received: by 10.150.12.10 with SMTP id 10mr10758839ybl.214.1219825844160;
        Wed, 27 Aug 2008 01:30:44 -0700 (PDT)
Received: by 10.150.186.11 with HTTP; Wed, 27 Aug 2008 01:30:44 -0700 (PDT)
Message-ID: <cd5680a20808270130g5acab941uf9c3e8cc2f66f458@mail.gmail.com>
Date: Wed, 27 Aug 2008 12:30:44 +0400
To: "PHP Internals" <internals@lists.php.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: open_basedir + sessions bug (or a feature?)
From: indeyets@gmail.com ("Alexey Zakhlestin")

ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check
skipping of "/tmp" path for storing session-files, if
sessions.save_path is not manually set.

This leads to the failure of session_save_path_variation5 test on mac
os x, as default temporary path here is "/var/tmp" and not "/tmp"

Anyway, this looks like something done wrong from the beginning.
Shouldn't "/tmp" be explicitly added to open_basedir list? Why should
it have any special meaning?
I propose to remove special treatment of "/tmp" (should be mentioned
in upgrade-docs)

Other option would be to skip check for any path, which is returned by
php_get_temporary_directory() call, but that sounds like a very bad
idea.

-- 
Alexey Zakhlestin
http://blog.milkfarmsoft.com/