Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:95327 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 59333 invoked from network); 19 Aug 2016 19:31:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Aug 2016 19:31:37 -0000 Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.17.22 as permitted sender) X-PHP-List-Original-Sender: cmbecker69@gmx.de X-Host-Fingerprint: 212.227.17.22 mout.gmx.net Received: from [212.227.17.22] ([212.227.17.22:50981] helo=mout.gmx.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 74/66-17996-79E57B75 for ; Fri, 19 Aug 2016 15:31:35 -0400 Received: from [192.168.2.103] ([79.243.115.246]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lb5Tp-1auvCC3bPV-00kdcn; Fri, 19 Aug 2016 21:31:30 +0200 To: Davey Shafik References: <036401d1f30f$afa85a40$0ef90ec0$@belski.net> <3dc2f23a-c4fb-a63d-ab7f-fa841091b313@gmx.de> <53037294-e8ed-31c8-95ef-522e02333e7c@gmx.de> Cc: Anatol Belski , "internals@lists.php.net" Message-ID: Date: Fri, 19 Aug 2016 21:31:49 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:SIBZiJKoegJCj3MFNFlOIvOCPAWRQqKyHcGWyvC8RDIuBBvdagM czzX4Y3uA1r/G3w5TWcQDvWQ9678WWK4Sk2bWN9IqM1YyKeQBvvEiHUsp+dXdYNdDUtHuJ+ /gqaYc2pmu02lsY8YbqLdTwQddL6yt7cbNO+V5x6f5yz/YJnpFIDvYqEVRTvcfmQAp9dR2z bbqdYdPtYjFsY426oJ84g== X-UI-Out-Filterresults: notjunk:1;V01:K0:Se9nTyy1akE=:roRuNgMW1htzc7Gkm9qsNl doxsTB0mqJl6SquKRTs7l11u06Qh9i73/eQ4WG65NTyfDC/fLkWbbYOC1LsKntHALjvS2XVeF bEW2IeIJlvzCxmTXjuNUmw9udyKPdxVhkAM2te/KrcwyC5UMj1zdhyPrfeKslCckXJI0JX7cr ehqOzhoPjXTpxRw7k1VwEm69+Z8wDhCU6XRoDyMPmuy8pt5ctBOQRR3MwBUFYTmTdOph6hQ2V YqsByC9OGvqp8j8tR1P74up9do4Q+RgZdjBWLzoMVS1HSh0yDBuv8g7b6kCs6/PMk9Xy5vDFy G4rcAhr4itv0jYTmlpLMzVPEHefO91psLivFZqCMKv2SllX4xZqN/3+G/M8vg6urDdfCv+oXa CvbY812Ve/P0ATtvqVgBQNCega4cdZ8BwaQxPPRxmIyi88QAcVlJkII+DGBE++wGH/0+U6pKk FDxwNSlXr+ccDrs/jLnViMI08eqsbJBItRtbQV6BY2i0sceFP/dWPoBHkSwYkx9LYNlZc93p3 I8x8uomQyy222f6s6lRIxom2HXdaeJFuopDdWJb3P5wwvnWjhtSlWRWs2tS/iiqBb0T803tZu GcByFG8+AiwrRYPEoxDyMR+55aU3W5/gPGxjJ9yn+fsinl97aE5aRSPEmOPlQxgIDR3VNm2dI JFYbRkj7bgF5WVazhAI3cxdDEHB6E+WGz2MJyB50GRcXP2AQBLOdrsSxkcqL68/vI1qXwm5Z7 5hbROKV5FqD92kiZXUKlas2CVOpMPWY+xrEf4tUzEQzRJtbVEgpSFhQp1gbuTV0RJor0kH6Te EOv2/mV Subject: Re: [PHP-DEV] SQLite 3.14 From: cmbecker69@gmx.de ("Christoph M. Becker") On 19.08.2016 at 19:09, Davey Shafik wrote: > I got the failure multiple times in my Debian Jessie docker container that > I use for builds - you can check it out yourself at > https://github.com/dshafik/php-build to see the setup. > > Thanks for looking into this! Of course! And thanks for the link to your docker container. I've tried to reproduce the test failure in a similar environment, but the test always passed. I've also reviewed the latest commits to ext/sqlite3/sqlite3.c, but I couldn't find anything that might have caused the regression. I'm at a loss – would it be possible to augment the test with some hopefully helpful diagnostic messages and a check whether touch()ing this filename would fail? I mean something like this: ext/sqlite3/tests/sqlite3_21_security.phpt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/sqlite3/tests/sqlite3_21_security.phpt b/ext/sqlite3/tests/sqlite3_21_security.phpt index f28c736..b8962a8 100644 --- a/ext/sqlite3/tests/sqlite3_21_security.phpt +++ b/ext/sqlite3/tests/sqlite3_21_security.phpt @@ -18,6 +18,8 @@ unlink($directory . $file); echo "Above test directory\n"; try { $db = new SQLite3('../bad' . $file); + var_dump($db, getcwd(), $file, realpath('../bad' . $file)); + touch('../bad' . $file); } catch (Exception $e) { echo $e . "\n"; } If it would be too much work for you to test a modified version, this patch might be committed to PHP 7.0 (the code is dead code anyway, if the test succeeds), and maybe removed later. BTW: do you deliberately run the tests without -n in ? Regards, Christoph > - Davey > On Sat, Aug 20, 2016 at 01:35 Christoph M. Becker wrote: > >> Hi Davey! >> >> On 19.08.2016 at 15:32, Davey Shafik wrote: >> >>> I saw this failure while packaging 7.1.0beta3, and assume it might be >>> related to your update: >>> >>> FAIL SQLite3 open_basedir checks >>> [ext/sqlite3/tests/sqlite3_21_security.phpt] >>> >>> ========DIFF======== >>> 006- >>> 007- Warning: SQLite3::__construct(): open_basedir restriction in effect. >>> File(%s) is not within the allowed path(s): (.) in >>> %ssqlite3_21_security.php on line %d >>> 008- Exception: open_basedir prohibits opening %s in >>> %ssqlite3_21_security.php:%d >>> 009- Stack trace: >>> 010- #0 %ssqlite3_21_security.php(%d): SQLite3->__construct('%s') >>> 011- #1 {main} >>> ========DONE======== >>> >>> Can you please look into this in time for RC1? >> >> I've just checked again with the tagged PHP-7.1.0beta3, but the test >> succeeds on my machine. Therefore it's hard for me to assess what is >> wrong. According to the diff, it appears that the second DB which >> shouldn't be created according to the open_basedir restriction, is >> actually successfully created. >> >> Anyway, it's rather unlikely that an open_basedir related failure is >> caused by updating SQLite, as this check is part of the PHP binding[1], >> which has not been affected by this commit. The issue might be caused >> by commit cc125f27[2], but that's also somewhat unlikely, because the >> Travis checks usually succeed generally. >> >> Can you reproduce the test failure? In which enviroment? >> >> [1] > /sqlite3.c#L125 >> >>> >> [2] >> >> -- >> Christoph M. Becker >> >