Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[Process] Also checkPATH inExecutableFinder ifopen_basedir is set#57954

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Closed

Conversation

@fritzmg
Copy link
Contributor

@fritzmgfritzmg commentedAug 8, 2024
edited
Loading

QA
Branch?5.4
Bug fix?yes
New feature?no
Deprecations?no
Issues
LicenseMIT

The current version of theExecutableFinder only checks the paths in theopen_basedir when set. However, this will cause theExecutableFinder not find the executable in question if it is in a subfolder of one of theopen_basedir paths.

For example the environment might be configured as follows:

  • PATH=/usr/bin
  • open_basedir=/usr

In this case theExecutableFinder only checks the/usr folder and won't find the binaries in/usr/bin, even though the PHP process would be allowed to access/usr/bin, as theopen_basedir restriction allows access to subfolders.

This PR fixes that by always adding the paths fromPATH to the directories to be checked.

Note: this is not an issue in Symfony 6.4+. Theopen_basedir logic does not exist there and thus that problem does not exist there.

ausi reacted with thumbs up emoji
@nicolas-grekas
Copy link
Member

Thanks for the nice explanations.
Checking the CI, the failure seems related, can you please have a look?

@fritzmg
Copy link
ContributorAuthor

Checking the CI, the failure seems related, can you please have a look?

Unfortunately I am on Windows and execution of these tests are excluded on Windows 🙈. Thus I did not investigate how the tests would need to be adjusted 🤔

@xabbuh
Copy link
Member

I think a proper fix would be to instead use the configured open basedir to ignore the directories defined in$PATH that are not usable by the PHP process:#58008

@fritzmg
Copy link
ContributorAuthor

I think a proper fix would be to instead use the configured open basedir to ignore the directories defined in$PATH that are not usable by the PHP process

That's already the case with the current code.

@stof
Copy link
Member

@fritzmg no. in your PR, you search in PATH even if it is outside the open_basedir restriction, because you don't filter the list

@fritzmg
Copy link
ContributorAuthor

@stof yes, because it is not necessary to do that. See the comments in the other PR.@xabbuh 's PR now also does not filter the paths.

@nicolas-grekas
Copy link
Member

Closing in favor of#58291

nicolas-grekas added a commit that referenced this pull requestSep 17, 2024
…sedir (BlackbitDevs)This PR was merged into the 5.4 branch.Discussion----------[Process] Fix finding executables independently of open_basedir| Q             | A| ------------- | ---| Branch?       | 5.4| Bug fix?      | yes| New feature?  | no| Deprecations? | no| Issues        | -| License       | MITThis backports#47422 to 5.4, which is a bugfix really.Instead of#58008 and#57954 /cc `@xabbuh` `@fritzmg`Commits-------4424763 [Process] Fix finding executables independently of open_basedir
@fritzmgfritzmg deleted the openbasedir-executable-finder branchMarch 15, 2025 16:21
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Projects

None yet

Milestone

5.4

Development

Successfully merging this pull request may close these issues.

5 participants

@fritzmg@nicolas-grekas@xabbuh@stof@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp