Professional Web Applications Themes

#39648 [NEW]: Implementation of PHP functions chown() and chgrp() not thread safe. - PHP Bugs

From: wharmby at uk dot ibm dot com Operating system: Linux RHEL4 PHP version: 5CVS-2006-11-27 (snap) PHP Bug Type: Unknown/Other Function Bug description: Implementation of PHP functions chown() and chgrp() not thread safe. Description: ------------ The current implementation of the chown() and chgrp() functions on Linux use the non-reentrant getpwnam() and getgrnam() C library calls respectively rather than the reentrant getpwnam_r() and getgrnam_r(). Therefore using either chown() or chgrp() on Linux in a ZTS enabled build could lead to unpredictable/undesirable results. The following patch, which was built against the latest snapshot (Nov 27th, 2006, 0730 GMT) modifies the code in ...

  1. #1

    Default #39648 [NEW]: Implementation of PHP functions chown() and chgrp() not thread safe.

    From: wharmby at uk dot ibm dot com
    Operating system: Linux RHEL4
    PHP version: 5CVS-2006-11-27 (snap)
    PHP Bug Type: Unknown/Other Function
    Bug description: Implementation of PHP functions chown() and chgrp() not thread safe.

    Description:
    ------------
    The current implementation of the chown() and chgrp()
    functions on Linux use the non-reentrant getpwnam() and
    getgrnam() C library calls respectively rather than the
    reentrant getpwnam_r() and getgrnam_r(). Therefore using
    either chown() or chgrp() on Linux in a ZTS enabled build
    could lead to unpredictable/undesirable results.

    The following patch, which was built against the latest snapshot (Nov
    27th, 2006, 0730 GMT) modifies the code in
    ext/standard/filestat.c to use the reentrant versions of
    these functions and so make these 2 functions thread safe:

    [url]http://pastebin.ca/259657[/url]

    However, I am concerned that this patch relies on the C
    library supporting the POSIX.1 functions getpwnam_r(),
    getgrnam_r() and sysconf(). These are all implemented by
    GNU libc but are there other C libraries used to build PHP
    which may not have the necessary support ? Or is it
    reasonable to assume that all C libraries used when buiding
    PHP will be POSIX.1 compliant ?

    N.B There are other uses of these non-reentrant functions in
    the PHP code base (e.g posix.c and fopen_wrappers.c) and I
    m happy to produce the necessary patches to fix these uses
    if this fix proves satisfactory.

    Andy Wharmby
    IBM United Kingdom Limited

    Reproduce code:
    ---------------
    ---------------
    Problem found by code inspection. As with most thread safety issues
    difficult to produce a simple testcase which will show a reproducible
    crash but current Linux executable is clearly
    not reentrant.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A

    --
    Edit bug report at [url]http://bugs.php.net/?id=39648&edit=1[/url]
    --
    Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=39648&r=trysnapshot44[/url]
    Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=39648&r=trysnapshot52[/url]
    Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=39648&r=trysnapshot60[/url]
    Fixed in CVS: [url]http://bugs.php.net/fix.php?id=39648&r=fixedcvs[/url]
    Fixed in release: [url]http://bugs.php.net/fix.php?id=39648&r=alreadyfixed[/url]
    Need backtrace: [url]http://bugs.php.net/fix.php?id=39648&r=needtrace[/url]
    Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=39648&r=needscript[/url]
    Try newer version: [url]http://bugs.php.net/fix.php?id=39648&r=oldversion[/url]
    Not developer issue: [url]http://bugs.php.net/fix.php?id=39648&r=support[/url]
    Expected behavior: [url]http://bugs.php.net/fix.php?id=39648&r=notwrong[/url]
    Not enough info: [url]http://bugs.php.net/fix.php?id=39648&r=notenoughinfo[/url]
    Submitted twice: [url]http://bugs.php.net/fix.php?id=39648&r=submittedtwice[/url]
    register_globals: [url]http://bugs.php.net/fix.php?id=39648&r=globals[/url]
    PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=39648&r=php3[/url]
    Daylight Savings: [url]http://bugs.php.net/fix.php?id=39648&r=dst[/url]
    IIS Stability: [url]http://bugs.php.net/fix.php?id=39648&r=isapi[/url]
    Install GNU Sed: [url]http://bugs.php.net/fix.php?id=39648&r=gnused[/url]
    Floating point limitations: [url]http://bugs.php.net/fix.php?id=39648&r=float[/url]
    No Zend Extensions: [url]http://bugs.php.net/fix.php?id=39648&r=nozend[/url]
    MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=39648&r=mysqlcfg[/url]
    wharmby at uk dot ibm dot com Guest

  2. #2

    Default #39648 [Opn->Asn]: Implementation of PHP functions chown() and chgrp() not thread safe.

    ID: 39648
    Updated by: [email]iliaaphp.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    -Status: Open
    +Status: Assigned
    Bug Type: Unknown/Other Function
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2006-11-27 (snap)
    -Assigned To:
    +Assigned To: iliaa


    Previous Comments:
    ------------------------------------------------------------------------

    [2006-11-27 17:05:42] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of the chown() and chgrp()
    functions on Linux use the non-reentrant getpwnam() and
    getgrnam() C library calls respectively rather than the
    reentrant getpwnam_r() and getgrnam_r(). Therefore using
    either chown() or chgrp() on Linux in a ZTS enabled build
    could lead to unpredictable/undesirable results.

    The following patch, which was built against the latest snapshot (Nov
    27th, 2006, 0730 GMT) modifies the code in
    ext/standard/filestat.c to use the reentrant versions of
    these functions and so make these 2 functions thread safe:

    [url]http://pastebin.ca/259657[/url]

    However, I am concerned that this patch relies on the C
    library supporting the POSIX.1 functions getpwnam_r(),
    getgrnam_r() and sysconf(). These are all implemented by
    GNU libc but are there other C libraries used to build PHP
    which may not have the necessary support ? Or is it
    reasonable to assume that all C libraries used when buiding
    PHP will be POSIX.1 compliant ?

    N.B There are other uses of these non-reentrant functions in
    the PHP code base (e.g posix.c and fopen_wrappers.c) and I
    m happy to produce the necessary patches to fix these uses
    if this fix proves satisfactory.

    Andy Wharmby
    IBM United Kingdom Limited

    Reproduce code:
    ---------------
    ---------------
    Problem found by code inspection. As with most thread safety issues
    difficult to produce a simple testcase which will show a reproducible
    crash but current Linux executable is clearly
    not reentrant.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=39648&edit=1[/url]
    iliaa@php.net Guest

  3. #3

    Default #39648 [Asn->Csd]: Implementation of PHP functions chown() and chgrp() not thread safe.

    ID: 39648
    Updated by: [email]iliaaphp.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    -Status: Assigned
    +Status: Closed
    Bug Type: Unknown/Other Function
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2006-11-27 (snap)
    Assigned To: iliaa
    New Comment:

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.




    Previous Comments:
    ------------------------------------------------------------------------

    [2006-11-27 17:05:42] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of the chown() and chgrp()
    functions on Linux use the non-reentrant getpwnam() and
    getgrnam() C library calls respectively rather than the
    reentrant getpwnam_r() and getgrnam_r(). Therefore using
    either chown() or chgrp() on Linux in a ZTS enabled build
    could lead to unpredictable/undesirable results.

    The following patch, which was built against the latest snapshot (Nov
    27th, 2006, 0730 GMT) modifies the code in
    ext/standard/filestat.c to use the reentrant versions of
    these functions and so make these 2 functions thread safe:

    [url]http://pastebin.ca/259657[/url]

    However, I am concerned that this patch relies on the C
    library supporting the POSIX.1 functions getpwnam_r(),
    getgrnam_r() and sysconf(). These are all implemented by
    GNU libc but are there other C libraries used to build PHP
    which may not have the necessary support ? Or is it
    reasonable to assume that all C libraries used when buiding
    PHP will be POSIX.1 compliant ?

    N.B There are other uses of these non-reentrant functions in
    the PHP code base (e.g posix.c and fopen_wrappers.c) and I
    m happy to produce the necessary patches to fix these uses
    if this fix proves satisfactory.

    Andy Wharmby
    IBM United Kingdom Limited

    Reproduce code:
    ---------------
    ---------------
    Problem found by code inspection. As with most thread safety issues
    difficult to produce a simple testcase which will show a reproducible
    crash but current Linux executable is clearly
    not reentrant.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=39648&edit=1[/url]
    iliaa@php.net Guest

  4. #4

    Default #39648 [Csd]: Implementation of PHP functions chown() and chgrp() not thread safe.

    ID: 39648
    User updated by: wharmby at uk dot ibm dot com
    Reported By: wharmby at uk dot ibm dot com
    Status: Closed
    Bug Type: Unknown/Other Function
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2006-11-27 (snap)
    Assigned To: iliaa
    New Comment:

    First thanks for taking a look at this one for me Ilia.

    One question about the fix though. Rather than
    unconditionally calling getpwnam_r and getgrnam_r as my
    patch did you have modified the autoconf input to cause the
    necessary "HAVE_" variables to be set and #if def'd the code
    to check these variables. This was the bit I was unsure
    about as I have not worked with autoconf files much before
    but that all looks straightforward and will help me construct a fix for
    a similar issue I have identified in the
    PHP code.

    My only concern is that as the code stands if the reentrant
    (_r) version of the function is NOT available then the
    standard function is called instead. This assumes that if a
    library does not implement a "_r" version of the function
    that the basic function is reentrant. Whilst I don't know
    of an instance when this is not true I wondered if this was
    a known safe assumption ? It would sure make life easier if
    it was true but I have not seen this doented anywhere.
    You have probably already done all the necessary research
    and found this to be a safe assumption but for my own future
    information it would be very useful if you could confirm
    this please.

    I half expected to see code similar to that in reentrancy.c
    where if the "_r" version is not available the standard
    function is called wrapped in a mutex. I realize that
    assuming that if a "_r" version of a function is not
    available that assuming that the standard function must NOT
    be reentrant could also be a flawed assumption and without
    extra #if def's in the code could lead to unnecessary single
    threading of the code but at least it ensures thread safety.


    Previous Comments:
    ------------------------------------------------------------------------

    [2006-11-29 23:42:14] [email]iliaaphp.net[/email]

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.



    ------------------------------------------------------------------------

    [2006-11-27 17:05:42] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of the chown() and chgrp()
    functions on Linux use the non-reentrant getpwnam() and
    getgrnam() C library calls respectively rather than the
    reentrant getpwnam_r() and getgrnam_r(). Therefore using
    either chown() or chgrp() on Linux in a ZTS enabled build
    could lead to unpredictable/undesirable results.

    The following patch, which was built against the latest snapshot (Nov
    27th, 2006, 0730 GMT) modifies the code in
    ext/standard/filestat.c to use the reentrant versions of
    these functions and so make these 2 functions thread safe:

    [url]http://pastebin.ca/259657[/url]

    However, I am concerned that this patch relies on the C
    library supporting the POSIX.1 functions getpwnam_r(),
    getgrnam_r() and sysconf(). These are all implemented by
    GNU libc but are there other C libraries used to build PHP
    which may not have the necessary support ? Or is it
    reasonable to assume that all C libraries used when buiding
    PHP will be POSIX.1 compliant ?

    N.B There are other uses of these non-reentrant functions in
    the PHP code base (e.g posix.c and fopen_wrappers.c) and I
    m happy to produce the necessary patches to fix these uses
    if this fix proves satisfactory.

    Andy Wharmby
    IBM United Kingdom Limited

    Reproduce code:
    ---------------
    ---------------
    Problem found by code inspection. As with most thread safety issues
    difficult to produce a simple testcase which will show a reproducible
    crash but current Linux executable is clearly
    not reentrant.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=39648&edit=1[/url]
    wharmby at uk dot ibm dot com Guest

Similar Threads

  1. #39754 [NEW]: Some POSIX extension functions not thread safe
    By wharmby at uk dot ibm dot com in forum PHP Bugs
    Replies: 2
    Last Post: December 7th, 01:41 AM
  2. Standard Queue Implementation and Thread Safety
    By Pete Kazmier in forum Ruby
    Replies: 4
    Last Post: October 9th, 03:49 PM
  3. Thread-safe Code
    By Erik J Sawyer in forum ASP.NET Web Services
    Replies: 2
    Last Post: October 3rd, 05:06 PM
  4. Is the ithreads implementation safe?
    By David Morel in forum PERL Miscellaneous
    Replies: 1
    Last Post: September 13th, 08:42 PM
  5. chown / chgrp of a http owned file after upload
    By Bix in forum PHP Development
    Replies: 4
    Last Post: August 6th, 11:41 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139