Newsgroups: php.internals
Date: Thu, 10 Nov 2016 08:51:58 +0000
To: "php-dev@coydogsoftware.net", "internals@lists.php.net", "rasmus@lerdorf.com", Zeev Suraski, "Anatol Belski (ab@php.net)"
Subject: Re: [PATCH] opcache bug #69090, prepend user identifier to keys
From: dmitry@zend.com (Dmitry Stogov)

Hi,

sorry for delay. I've traveled.

I see the problem(s) and I took a look into the patch.

From the first look, I don't like the proposed solution.
It makes things a bit better, but can't solve shared-hosting configuration problems.
It doesn't solve even the simple chroot file resolution problem in general (one user may have few chroot environments with conflicting file names).
I'm not sure, if it's possible to make chroot on Windows, so why we need to add Windows user names?
The patch introduces syscall in the hot function (this may be optimized).

I'm open for discussion and may change my mind. I'll also try to find a better solution.
Any suggestions are welcome.

Thanks. Dmitry.

________________________________
From: php-dev@coydogsoftware.net
Sent: Friday, November 4, 2016 2:00:03 PM
To: internals@lists.php.net
Cc: Dmitry Stogov
Subject: [PATCH] opcache bug #69090, prepend user identifier to keys

Hello,

I'm CCing Dmitry Stogov as maintainer because he's listed as an author in ext/opcache/ZendAccelerator.c and has recent commits.

I've attached a patch for bug #69090. You can find a more detailed writeup at https://bugs.php.net/bug.php?id=69090 . In short, the patch adds EUID or Windows username at the beginning of OPCache keys to prevent cross-user cache access, which will hopefully alleviate security concerns of enabling OPCache on shared hosting servers.

I took this in a different direction than that proposed in bug #69090 (prepending inode to key) because I feel it more effectively addresses the cross-user security concerns.

I don't have a test script yet because the change is transparent to scripts, but I could probably cobble one together by checking OPCache debug log for key names.

I do intend to port this forward to PHP7 head, but in my opinion the existing behavior in 5.6 is a serious vulnerability which warrants a maintenance patch. If needed I can provide working exploit scripts to demonstrate how bad the existing behavior is for shared servers using OPCache. I was hoping to get some feedback before I put in the effort to port this to PHP7.

Thanks,

--
- php-dev@coydogsoftware.net
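
Added illustration, not part of the thread and not code from the patch or from opcache: a small model of the two key schemes discussed above, showing which tenants end up sharing a cache entry. The struct, the function names, the "euid:path" key layout and the sample tenants are all constructed for this example; the path-only baseline is an assumed simplification of the existing behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not opcache code: a request as the cache sees it.
 * `path` is what the process resolves inside its own chroot; `chroot_dir`
 * is invisible to the process and is listed only for the reader. */
struct req { unsigned long euid; const char *chroot_dir; const char *path; };

typedef void (*keyfn)(const struct req *, char *, size_t);

/* Assumed baseline: the key is the resolved path only. */
static void key_path(const struct req *r, char *out, size_t n) {
    snprintf(out, n, "%s", r->path);
}

/* Scheme described in the thread: user identifier prepended to the key.
 * The "euid:path" layout is an assumption made for this model. */
static void key_euid_path(const struct req *r, char *out, size_t n) {
    snprintf(out, n, "%lu:%s", r->euid, r->path);
}

/* Returns 1 when two requests map to the same cache entry. */
static int collide(keyfn f, const struct req *a, const struct req *b) {
    char ka[512], kb[512];
    f(a, ka, sizeof ka);
    f(b, kb, sizeof kb);
    return strcmp(ka, kb) == 0;
}

/* Constructed sample tenants: two users, and one user with two chroots. */
static const struct req alice   = {1001, "/jail/alice",         "/index.php"};
static const struct req bob     = {1002, "/jail/bob",           "/index.php"};
static const struct req alice_b = {1001, "/jail/alice-staging", "/index.php"};

int main(void) {
    printf("path only, alice vs bob:              %d\n",
           collide(key_path, &alice, &bob));
    printf("euid+path, alice vs bob:              %d\n",
           collide(key_euid_path, &alice, &bob));
    printf("euid+path, alice vs alice (2nd jail): %d\n",
           collide(key_euid_path, &alice, &alice_b));
    return 0;
}
```

The third case is the objection raised in the reply: the EUID prefix separates different users, but two chroots owned by the same user still resolve to one key.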