#40535 [NEW]: is_readable and file_exists give false negatives when euid != uid

[php dot user at jeremy dot smallinfinity dot net]

From: php dot user at jeremy dot smallinfinity dot net
Operating system: MacOS and RedHat Linux
PHP version: 5.2.1
PHP Bug Type: *Directory/Filesystem functions
Bug description: is_readable and file_exists give false negatives when euid != uid

Description:
------------
is_readable() and file_exists(), when called from a PHP 4.3.2 (Linux),
4.4.0 (Mac OS) and 5.2.1 (Mac OS) script that is executed with
posix_euid() != posix_uid() does not recognize files that are owned and
readable only by the effective uid. Instead is_readable() and
file_exists() return "false" even though functions like fileperms, fopen
and readfile work as expected.

Reproduce code:
---------------
#!/usr/bin/php
<?php
echo "My effective UID is ".posix_geteuid()." but my UID is really
".posix_getuid()."\n";

chdir($curdir = dirname(__FILE__)) or die("Unable to enter the private
directory");
echo "The current directory is owned by ".fileowner($curdir)." and has
permissions ".sprintf('%o', fileperms($curdir))."\n";

touch("test.dat");
chmod("test.dat", 0600); // readable only by the effective user

echo "is_readable should give TRUE, and gives ".(is_readable("test.dat") ?
"TRUE" : "FALSE")."\n";

echo "file_exists should give TRUE, and gives ".(file_exists("test.dat") ?
"TRUE" : "FALSE")."\n";

echo "The file has permissions ".sprintf('%o', fileperms("test.dat")).",
is owned by ".fileowner("test.dat")." and is in the
".filegroup("test.dat")." group.\n";

unlink("test.dat"); // no error because the file really does exist!

?>

Expected result:
----------------
My effective UID is 501 but my UID is really [uid]
The current directory is owned by 501 and has permissions 40700
is_readable should give TRUE, and gives TRUE
file_exists should give TRUE, and gives TRUE
The file has permissions 100600, is owned by 501 and is in the 501 group.

Actual result:
--------------
When run as its owner, gives the expected result, with [uid]=501.

When run from a different account using the executable obtained from
#include <unistd.h>

int main(int argc, char **argv) {
execl("/path/to/reproduce_code.php", "/path/to/reproduce_code.php",
NULL);

}
which is then chmod 04711 or 06711, gives

My effective UID is 501 but my UID is really 503
The current directory is owned by 501 and has permissions 40700
is_readable should give TRUE, and gives FALSE
file_exists should give TRUE, and gives FALSE
The file has permissions 100600, is owned by 501 and is in the 501 group.

These tests are done on Mac OS X 10.4.8 with both PHP 4.4.4 and 5.2.1, but
I first noticed this behaviour with PHP 4.3.2 under Red Hat Linux for which
I do not have root privileges.

--
Edit bug report at [url]http://bugs.php.net/?id=40535&edit=1[/url]
--
Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40535&r=trysnapshot44[/url]
Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40535&r=trysnapshot52[/url]
Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40535&r=trysnapshot60[/url]
Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40535&r=fixedcvs[/url]
Fixed in release: [url]http://bugs.php.net/fix.php?id=40535&r=alreadyfixed[/url]
Need backtrace: [url]http://bugs.php.net/fix.php?id=40535&r=needtrace[/url]
Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40535&r=needscript[/url]
Try newer version: [url]http://bugs.php.net/fix.php?id=40535&r=oldversion[/url]
Not developer issue: [url]http://bugs.php.net/fix.php?id=40535&r=support[/url]
Expected behavior: [url]http://bugs.php.net/fix.php?id=40535&r=notwrong[/url]
Not enough info: [url]http://bugs.php.net/fix.php?id=40535&r=notenoughinfo[/url]
Submitted twice: [url]http://bugs.php.net/fix.php?id=40535&r=submittedtwice[/url]
register_globals: [url]http://bugs.php.net/fix.php?id=40535&r=globals[/url]
PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40535&r=php3[/url]
Daylight Savings: [url]http://bugs.php.net/fix.php?id=40535&r=dst[/url]
IIS Stability: [url]http://bugs.php.net/fix.php?id=40535&r=isapi[/url]
Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40535&r=gnused[/url]
Floating point limitations: [url]http://bugs.php.net/fix.php?id=40535&r=float[/url]
No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40535&r=nozend[/url]
MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40535&r=mysqlcfg[/url]

[tony2001@php.net]

ID: 40535
Updated by: [email]tony2001@php.net[/email]
Reported By: php dot user at jeremy dot smallinfinity dot net
-Status: Open
+Status: Bogus
Bug Type: *Directory/Filesystem functions
Operating System: MacOS and RedHat Linux
PHP Version: 5.2.1
New Comment:

PHP uses access() function.

man access:
The check is done with the process's real UID and GID, rather than with
the effective IDs as is done when actually attempting an operation.
This is to allow set-UID programs to easily determine the invoking
user's authority.



Previous Comments:
------------------------------------------------------------------------

[2007-02-18 17:35:44] php dot user at jeremy dot smallinfinity dot net

Description:
------------
is_readable() and file_exists(), when called from a PHP 4.3.2 (Linux),
4.4.0 (Mac OS) and 5.2.1 (Mac OS) script that is executed with
posix_euid() != posix_uid() does not recognize files that are owned and
readable only by the effective uid. Instead is_readable() and
file_exists() return "false" even though functions like fileperms,
fopen and readfile work as expected.

Reproduce code:
---------------
#!/usr/bin/php
<?php
echo "My effective UID is ".posix_geteuid()." but my UID is really
".posix_getuid()."\n";

chdir($curdir = dirname(__FILE__)) or die("Unable to enter the private
directory");
echo "The current directory is owned by ".fileowner($curdir)." and has
permissions ".sprintf('%o', fileperms($curdir))."\n";

touch("test.dat");
chmod("test.dat", 0600); // readable only by the effective user

echo "is_readable should give TRUE, and gives
".(is_readable("test.dat") ? "TRUE" : "FALSE")."\n";

echo "file_exists should give TRUE, and gives
".(file_exists("test.dat") ? "TRUE" : "FALSE")."\n";

echo "The file has permissions ".sprintf('%o',
fileperms("test.dat")).", is owned by ".fileowner("test.dat")." and is
in the ".filegroup("test.dat")." group.\n";

unlink("test.dat"); // no error because the file really does exist!

?>

Expected result:
----------------
My effective UID is 501 but my UID is really [uid]
The current directory is owned by 501 and has permissions 40700
is_readable should give TRUE, and gives TRUE
file_exists should give TRUE, and gives TRUE
The file has permissions 100600, is owned by 501 and is in the 501
group.

Actual result:
--------------
When run as its owner, gives the expected result, with [uid]=501.

When run from a different account using the executable obtained from
#include <unistd.h>

int main(int argc, char **argv) {
execl("/path/to/reproduce_code.php", "/path/to/reproduce_code.php",
NULL);

}
which is then chmod 04711 or 06711, gives

My effective UID is 501 but my UID is really 503
The current directory is owned by 501 and has permissions 40700
is_readable should give TRUE, and gives FALSE
file_exists should give TRUE, and gives FALSE
The file has permissions 100600, is owned by 501 and is in the 501
group.

These tests are done on Mac OS X 10.4.8 with both PHP 4.4.4 and 5.2.1,
but I first noticed this behaviour with PHP 4.3.2 under Red Hat Linux
for which I do not have root privileges.


------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=40535&edit=1[/url]

[php dot user at jeremy dot smallinfinity dot net]

ID: 40535
User updated by: php dot user at jeremy dot smallinfinity dot net
Reported By: php dot user at jeremy dot smallinfinity dot net
Status: Bogus
Bug Type: *Directory/Filesystem functions
Operating System: MacOS and RedHat Linux
PHP Version: 5.2.1
New Comment:

Thanks.

I understand that PHP uses access() and that access() behaves as per
its man page. I also understand that this is one way of fixing e.g.
Bug#30931. But I don't understand why that implies that is_readable()
and file_exists() are *supposed to* behave according to the access()
man page. Aren't is_readable() and file_exists() supposed to behave as
described in the PHP manual? Nowhere therein does it specify that the
check is done using the real UID/GID instead of the effective one. And
I'm afraid I don't understand why checking the real UID/GID is the
desired behaviour.

Thanks,
Jeremy


Previous Comments:
------------------------------------------------------------------------

[2007-02-27 13:40:36] [email]tony2001@php.net[/email]

PHP uses access() function.

man access:
The check is done with the process's real UID and GID, rather than with
the effective IDs as is done when actually attempting an operation.
This is to allow set-UID programs to easily determine the invoking
user's authority.


------------------------------------------------------------------------

[2007-02-18 17:35:44] php dot user at jeremy dot smallinfinity dot net

Description:
------------
is_readable() and file_exists(), when called from a PHP 4.3.2 (Linux),
4.4.0 (Mac OS) and 5.2.1 (Mac OS) script that is executed with
posix_euid() != posix_uid() does not recognize files that are owned and
readable only by the effective uid. Instead is_readable() and
file_exists() return "false" even though functions like fileperms,
fopen and readfile work as expected.

Reproduce code:
---------------
#!/usr/bin/php
<?php
echo "My effective UID is ".posix_geteuid()." but my UID is really
".posix_getuid()."\n";

chdir($curdir = dirname(__FILE__)) or die("Unable to enter the private
directory");
echo "The current directory is owned by ".fileowner($curdir)." and has
permissions ".sprintf('%o', fileperms($curdir))."\n";

touch("test.dat");
chmod("test.dat", 0600); // readable only by the effective user

echo "is_readable should give TRUE, and gives
".(is_readable("test.dat") ? "TRUE" : "FALSE")."\n";

echo "file_exists should give TRUE, and gives
".(file_exists("test.dat") ? "TRUE" : "FALSE")."\n";

echo "The file has permissions ".sprintf('%o',
fileperms("test.dat")).", is owned by ".fileowner("test.dat")." and is
in the ".filegroup("test.dat")." group.\n";

unlink("test.dat"); // no error because the file really does exist!

?>

Expected result:
----------------
My effective UID is 501 but my UID is really [uid]
The current directory is owned by 501 and has permissions 40700
is_readable should give TRUE, and gives TRUE
file_exists should give TRUE, and gives TRUE
The file has permissions 100600, is owned by 501 and is in the 501
group.

Actual result:
--------------
When run as its owner, gives the expected result, with [uid]=501.

When run from a different account using the executable obtained from
#include <unistd.h>

int main(int argc, char **argv) {
execl("/path/to/reproduce_code.php", "/path/to/reproduce_code.php",
NULL);

}
which is then chmod 04711 or 06711, gives

My effective UID is 501 but my UID is really 503
The current directory is owned by 501 and has permissions 40700
is_readable should give TRUE, and gives FALSE
file_exists should give TRUE, and gives FALSE
The file has permissions 100600, is owned by 501 and is in the 501
group.

These tests are done on Mac OS X 10.4.8 with both PHP 4.4.4 and 5.2.1,
but I first noticed this behaviour with PHP 4.3.2 under Red Hat Linux
for which I do not have root privileges.


------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=40535&edit=1[/url]