[Process] Decouple Process::findExecutable() from open_basedir by Luc45 · Pull Request #54151 · symfony/symfony

Luc45 · 2024-03-04T15:10:41Z

Q	A
Branch?	5.4
Bug fix?	yes
New feature?	no
Deprecations?	no
Issues	Fix #41006
License	MIT

This PR ports the PR #47422 to Symfony Process 5.4

Luc45 · 2024-03-04T15:29:37Z

This PR has a failing test because we only run SIGCHILD tests on PHP 7.2.

I wonder if this is specific to 7.2, or if we would see the same failures if we ran it on PHP 8+, too...?

derrabus · 2024-03-05T08:56:49Z

#47422 was merged as a feature into 6.4 which was still under development at that time. If you want us to reclassify this change as a bugfix, I think you need to elaborate on that. Otherwise, this PR will be closed soon because we don't backport features to LTS branches.

Luc45 · 2024-03-05T12:45:10Z

Got it. I believe this is a bug.

$finder = new \Symfony\Component\Process\ExecutableFinder();

$finder->find('docker'); // /usr/bin/docker
exec('which docker') // /user/bin/docker

ini_set('open_basedir', '/tmp/foo');

$finder->find('docker'); // null
exec('which docker') // /user/bin/docker

Luc45 · 2024-03-05T20:48:24Z

Actually, this behavior is present on Process ^5, ^6, and ^7. PR #47422 doesn't solve it as I expected.

php foo.php                                                                                                                                                                                                          [24/03/5| 5:45]
string(15) "/usr/bin/docker"
string(15) "/usr/bin/docker"
NULL
string(15) "/usr/bin/docker"

Test file:

<?php

require __DIR__ . '/vendor/autoload.php';

$finder = new \Symfony\Component\Process\ExecutableFinder();

var_dump($finder->find('docker'));
var_dump(exec('which docker'));

ini_set('open_basedir', '/tmp/foo');

var_dump($finder->find('docker'));
var_dump(exec('which docker'));

Luc45 · 2024-03-05T21:00:41Z

It seems that is_executable('/usr/bin/docker') is affected by open_basedir restrictions and returns false, even though exec('/usr/bin/docker --version') works with the same open_basedir restrictions:

<?php

require __DIR__ . '/vendor/autoload.php';

$finder = new \Symfony\Component\Process\ExecutableFinder();

$finder->find('docker'); // /usr/bin/docker
exec('which docker'); // /user/bin/docker
is_executable('/usr/bin/docker'); // true
exec('/usr/bin/docker --version'); // Docker version 25.0.2, build 29cf629222

ini_set('open_basedir', '/tmp/foo');

$finder->find('docker'); // null
exec('which docker'); // /user/bin/docker
is_executable('/usr/bin/docker'); // false
exec('/usr/bin/docker --version'); // Docker version 25.0.2, build 29cf629222

ExecutableFinder uses is_executable, so it's affected by this. It seems like a PHP bug that should be reported upstream, but also ideally fixed and backported on Process if possible, do you agree?

Luc45 · 2024-03-06T14:41:29Z

Actually, it's not that is_executable is affected by open_basedir when it shouldn't - it's that exec isn't, and I would bet that proc_open isn't, neither.

<?php

require __DIR__ . '/vendor/autoload.php';

$finder = new \Symfony\Component\Process\ExecutableFinder();

exec('mkdir -p /tmp/bar && rm -rf /tmp/bar/*.test');

touch('/tmp/bar/no-basedir-touch.test'); // Created.
exec('touch /tmp/bar/no-basedir-exec.test');  // Created.

ini_set('open_basedir', '/tmp/foo');

touch('/tmp/bar/touch-basedir.test'); // Not created.
exec('touch /tmp/bar/touch-basedir-exec.test'); // Created.

Result:

➜  bar ls -Al                                                                                                                                                                                                                                                                                              
-rw-r--r-- 1 lucas lucas 0 mar  6 11:38 no-basedir-exec.test
-rw-r--r-- 1 lucas lucas 0 mar  6 11:38 no-basedir-touch.test
-rw-r--r-- 1 lucas lucas 0 mar  6 11:38 touch-basedir-exec.test

So the bug, after all, is using is_executable, which is bound by open_basedir to invoke code that isn't bound by open_basedir, such as exec and proc_open. Although, "fixing" this could also be an unwanted security issue for existing code.

nicolas-grekas · 2024-03-13T15:47:10Z

Works for me as a bugfix.

nicolas-grekas · 2024-03-13T15:47:46Z

But indeed the tests need to be taken care of!

Luc45 · 2024-03-13T17:30:32Z

Works for me as a bugfix.

This PR doesn't fix it, this is still present in Symfony ^7

Luc45 · 2024-03-13T17:32:31Z

Initially, I thought that the upstream PR would fix it, but it doesn't.

We can either consider it a "feature" not a "bug", or we can fix it. I just wonder if there are any security concerns on fixing this.

Luc45 · 2024-03-13T19:53:53Z

I'll close this PR and open a bug report

Port PR symfony#47422 to Symfony Process 5.4

f0e9c2c

carsonbot added Status: Needs Review Bug labels Mar 4, 2024

carsonbot added this to the 5.4 milestone Mar 4, 2024

Patching file

c630308

derrabus added Process Status: Waiting feedback and removed Status: Needs Review labels Mar 5, 2024

carsonbot changed the title ~~Port PR #47422 to Symfony Process 5.4~~ [Process] Port PR #47422 to Symfony Process 5.4 Mar 5, 2024

nicolas-grekas changed the title ~~[Process] Port PR #47422 to Symfony Process 5.4~~ [Process] Decouple Process::findExecutable() from open_basedir Mar 13, 2024

Luc45 closed this Mar 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Process] Decouple Process::findExecutable() from open_basedir#54151

[Process] Decouple Process::findExecutable() from open_basedir#54151
Luc45 wants to merge 2 commits intosymfony:5.4from
Luc45:24-03/find-executable-open_basedir

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants