Solaris and getcwd()

17 years ago by Rob Thompson — view source

unread

Hi everyone, I just subscribed to this list in hopes of working out some
PHP bugs that have to do with Solaris.

I've been trying to find out some reason why the getcwd() PHP function
fails under some situations under Solaris. Particularly, when some
component of the file path looks like: d--x--x--x (no read perms). This
appears to be a security feature that Solaris implements that is not
there in Linux. Here is what I found out:

If you are not root AND you want to get your current working directory
that has parents with without 'r' permissions, you must do one of
two things:

a) Execute a `getcwd()` program that is suid-root.

   OR: And this is the strange one...

b) Tell Solaris that you already know where you are!!

You can accomplish (b) by doing a 'cd /mydir/mysubdir/' where mydir has
the permissions (d--x--x--x). Without changing directories with a
fully-qualified path, getcwd() will return NULL.

Here are my questions for the list:

Is there any way for a running non-root instance of PHP under
Apache or another web server to "know where it is" in the directory tree
already, in hopes of implementing (b) above?
I'm assuming that the current functionality of PHP include()
requires stdio's getcwd() in order to function with relative paths. Is
this really the case?
If #1 is possible and #2 is the case, would it be reasonable to
implement a fix for this with doing a chdir(), followed by a getcwd() if
your architecture is Solaris?

I could try and attempt a fix, but my knowledge of the PHP source is
sorely lacking at this time. I'm working on bettering it!

Thanks!
-Rob

17 years ago by Rob Thompson — view source

unread

BTW: Here is the bug that I am referring to:

http://bugs.php.net/bug.php?id=41822

& correction: getcwd() is not an stdio function ;)

Rob Thompson wrote:

Hi everyone, I just subscribed to this list in hopes of working out some
PHP bugs that have to do with Solaris.

I've been trying to find out some reason why the getcwd() PHP function
fails under some situations under Solaris. Particularly, when some
component of the file path looks like: d--x--x--x (no read perms). This
appears to be a security feature that Solaris implements that is not
there in Linux. Here is what I found out:

If you are not root AND you want to get your current working directory
that has parents with without 'r' permissions, you must do one of
two things:
a) Execute a `getcwd()` program that is suid-root.

   OR: And this is the strange one...

b) Tell Solaris that you already know where you are!!
You can accomplish (b) by doing a 'cd /mydir/mysubdir/' where mydir has
the permissions (d--x--x--x). Without changing directories with a
fully-qualified path, getcwd() will return NULL.

Here are my questions for the list:

Is there any way for a running non-root instance of PHP under
Apache or another web server to "know where it is" in the directory tree
already, in hopes of implementing (b) above?

I'm assuming that the current functionality of PHP include()
requires stdio's getcwd() in order to function with relative paths. Is
this really the case?

If #1 is possible and #2 is the case, would it be reasonable to
implement a fix for this with doing a chdir(), followed by a getcwd() if
your architecture is Solaris?

I could try and attempt a fix, but my knowledge of the PHP source is
sorely lacking at this time. I'm working on bettering it!

Thanks!
-Rob

17 years ago by Antony Dovgal — view source

unread

I've been trying to find out some reason why the getcwd() PHP function
fails under some situations under Solaris. Particularly, when some
component of the file path looks like: d--x--x--x (no read perms). This
appears to be a security feature that Solaris implements that is not
there in Linux.

I would not call it a security feature.

a) Execute a `getcwd()` program that is suid-root.

UNpossible.

b) Tell Solaris that you already know where you are!!

That's exactly what we're trying to figure out, isn't it?

Is there any way for a running non-root instance of PHP under
Apache or another web server to "know where it is" in the directory tree
already, in hopes of implementing (b) above?

To "know where it is" it has to call getcwd(), which doesn't work on Solaris,
or do you know any other ways to get current working dir?

I'm assuming that the current functionality of PHP include()
requires stdio's getcwd() in order to function with relative paths. Is
this really the case?

Sure.

If #1 is possible and #2 is the case, would it be reasonable to
implement a fix for this with doing a chdir(), followed by a getcwd() if
your architecture is Solaris?

chdir() to where?
We need to call getcwd() to know where we are to do chdir(there).

--
Wbr,
Antony Dovgal

17 years ago by Rob Thompson — view source

unread

Right. This does appear to be a "chicken or the egg" issue. Also,
turns out (b) below is only the shell caching your last successful cd
and spitting it back, not the result of a successful getcwd() call. So
really, with Solaris, there is not even any chicken ;)

Would it be reasonable to catch for a NULL getcwd() and simply return
"." (you are where you are, wherever that is)?

I think that this would be universally acceptable and it would at least
allow relative paths in include()'s. Not quite sure of the security
issues here.

Relative references and directory navigation still work in Solaris, even
with the getcwd() bug/issue:

[1310][root@opteron:/]$ find ./test -ls
449400 1 d--x--x--x 4 root root 512 Oct 2 13:07 ./test
449401 1 d--x--x--x 2 root root 512 Oct 2 13:07
./test/testa
449403 1 d--x--x--x 2 root root 512 Oct 2 13:08
./test/testb
449405 1 -r--r--r-- 1 root root 5 Oct 2 13:08
./test/testb/testfile
[1311][root@opteron:/]$ su nobody
$ cd /test/testa
$ cat ../testb/testfile
test
$

Antony Dovgal wrote:

I've been trying to find out some reason why the getcwd() PHP function
fails under some situations under Solaris. Particularly, when some
component of the file path looks like: d--x--x--x (no read perms). This
appears to be a security feature that Solaris implements that is not
there in Linux.

I would not call it a security feature.
a) Execute a `getcwd()` program that is suid-root.
UNpossible.
b) Tell Solaris that you already know where you are!!
That's exactly what we're trying to figure out, isn't it?

Is there any way for a running non-root instance of PHP under
Apache or another web server to "know where it is" in the directory tree
already, in hopes of implementing (b) above?

To "know where it is" it has to call getcwd(), which doesn't work on Solaris,
or do you know any other ways to get current working dir?

I'm assuming that the current functionality of PHP include()
requires stdio's getcwd() in order to function with relative paths. Is
this really the case?

Sure.

If #1 is possible and #2 is the case, would it be reasonable to
implement a fix for this with doing a chdir(), followed by a getcwd() if
your architecture is Solaris?

chdir() to where?
We need to call getcwd() to know where we are to do chdir(there).