Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 162332 - is_writable() and is_readable() return false when access is permitted via ACL
Summary: is_writable() and is_readable() return false when access is permitted via ACL
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: php
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL: http://bugs.php.net/bug.php?id=30931
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-02 21:20 UTC by Pete Chown
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: fc6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-01-20 16:07:35 UTC


Attachments (Terms of Use)
Patch for this issue from bugs.php.net (deleted)
2005-07-02 21:22 UTC, Pete Chown
no flags Details | Diff

Description Pete Chown 2005-07-02 21:20:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
PHP 5 attempts to work out whether a user has access to a file using the stat structure.  Of course this fails with ACLs, SELinux, and so on.  This has been reported at http://bugs.php.net/bug.php?id=30931 and a patch exists, which I will attach.

I can confirm that the patch works on FC4.  I think the PHP people may be concerned that it will break on other architectures; the author says that he thinks some more ifdefs may be required.  At any rate, there has been no feedback about getting the patch incorporated into the next general PHP release.

What I am wondering is whether Fedora would be prepared to include the patch in the next update of PHP, until this issue is fixed upstream.  This issue is more of a nuisance than it may first appear; for example it means that access to Smarty's cache directory cannot be granted using an ACL, and so on.

Version-Release number of selected component (if applicable):
php-5.0.4-10.i386.rpm

How reproducible:
Always

Steps to Reproduce:
1.  Install Apache and PHP from FC4.

2.  Create a website using Smarty.  Grant access to the compiled templates (templates_c) directory using an ACL.  For example "setfacl -m g:apache:rwx templates_c".

3.  Ensure that Apache does not have access to this directory for any other reason, for example it must not be mode 777.


Actual Results:  Smarty will refuse to load templates, believing that the templates_c directory is not writable.

Expected Results:  Smarty should have loaded the templates and written them to the directory, which is in fact writable.

Additional info:

Comment 1 Pete Chown 2005-07-02 21:22:17 UTC
Created attachment 116296 [details]
Patch for this issue from bugs.php.net

Comment 2 Joe Orton 2005-07-05 15:35:09 UTC
Thanks for the report, this looks reasonable (and sorry, this just missed the
5.0.4-10.3 update which just released today).

Comment 3 Pete Chown 2005-07-05 15:49:53 UTC
Thank you for offering to carry the patch (and don't worry about today's update,
I've built PHP once with this patch included, so it's not too hard to do it again).

Comment 4 Pete Chown 2005-08-29 20:11:23 UTC
Just wanted to point out that this patch was missing from the latest PHP update
(php-5.0.4-10.4).  Don't worry about it, these things happen -- but it would be
very helpful if it could be bundled with a future release.

Comment 5 Joe Orton 2005-08-30 09:56:26 UTC
Actually I looked at this more carefully and would rather submit this for review
upstream first.

Comment 6 Christian Iseli 2007-01-20 00:41:14 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 7 Pete Chown 2007-01-20 16:07:35 UTC
Looks like it's fixed so I'll close the bug.


Note You need to log in before you can comment on or make changes to this bug.