Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:66166
Return-Path: <Terry@ellisons.org.uk>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 35289 invoked from network); 23 Feb 2013 01:02:48 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Feb 2013 01:02:48 -0000
Authentication-Results: pb1.pair.com smtp.mail=Terry@ellisons.org.uk; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=Terry@ellisons.org.uk; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain ellisons.org.uk from 79.170.44.47 cause and error)
X-PHP-List-Original-Sender: Terry@ellisons.org.uk
X-Host-Fingerprint: 79.170.44.47 mail47.extendcp.co.uk  
Received: from [79.170.44.47] ([79.170.44.47:60172] helo=mail47.extendcp.co.uk)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id D1/57-26685-63518215 for <internals@lists.php.net>; Fri, 22 Feb 2013 20:02:47 -0500
Received: from host81-132-45-215.range81-132.btcentralplus.com ([81.132.45.215] helo=[192.168.1.91])
	by mail47.extendcp.com with esmtpa (Exim 4.80.1)
	id 1U93Vi-0006q9-Gy; Sat, 23 Feb 2013 01:02:42 +0000
Message-ID: <51281531.4010003@ellisons.org.uk>
Date: Sat, 23 Feb 2013 01:02:41 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: Kevin Yung <jwrong@gmail.com>
CC: Brendon Colby <brendon@newgrounds.com>, internals@lists.php.net
References: <CAHHbRnEUVcGqH6+++CWXM6XWobJn5MzKxLdfX9RHxoJ0uXaZdg@mail.gmail.com> <CACA2qWKYmJQXaJGK1UdE3amj4ckO29Jhqdrszehk+yaP6BLjeA@mail.gmail.com>
In-Reply-To: <CACA2qWKYmJQXaJGK1UdE3amj4ckO29Jhqdrszehk+yaP6BLjeA@mail.gmail.com>
Content-Type: multipart/alternative;
 boundary="------------070504020901080600030305"
X-Authenticated-As: Terry@ellisons.org.uk
Subject: Re: [PHP-DEV] PHP causing high number of NFS getattr operations?
From: Terry@ellisons.org.uk (Terry Ellison)

--------------070504020901080600030305
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 19/02/13 01:30, Kevin Yung wrote:
> In our environment, we use NFS for shared storage, we are using APC as well
> with stat=0. In our setting, we also experiencing high number of stat()
> calls on our file system. My initial finding of this problem is we enabled
> the open_basedir setting. And there is already a bug report for this,
> https://bugs.php.net/bug.php?id=52312
>
> We tested the issue in 5.2.x, 5.3.x and 5.4.x, all of them experiencing
> same issue.
Kevin, I've just walked through this in 5.3 and 54 and updated this 
bugrep.  In short there is some silly coding here which should be 
addressed.  Even if we accept that PHP should comply with 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5178 if 
open_basedir is set, then the cache should only be ignored on the actual 
open itself, as this is the only one that is exploitable, but let's have 
this debate on the bugrep.  Let me think about the security and other 
NFRs and propose a patch.

--------------070504020901080600030305--