Last modified: 2014-04-11 11:29:41 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T62208, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 60208 - external PHP can't be started - open_basedir not checked
external PHP can't be started - open_basedir not checked
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
JobQueue (Other open bugs)
1.22.1
All All
: Normal major (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-18 18:23 UTC by Christian Boltz
Modified: 2014-04-11 11:29 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Christian Boltz 2014-01-18 18:23:30 UTC 
Probably since https://gerrit.wikimedia.org/r/#/c/59797/ job handling starts an external php process by default.

This fails if open_basedir does not contain /usr/bin/

There should be a check for the open_basedir, and an automatic fallback to the internal job queue.
Comment 1 Joerg 2014-01-19 03:37:04 UTC 
I agree. Note that the open_basedir check should not be done against /usr/bin/, but against the actual value of $wgPhpCli (which defaults to /usr/bin/, but also might be different).
Comment 2 Aaron Schulz 2014-02-12 08:48:16 UTC 
In master this already checks is_executable(), which should handle open_basedir.
Comment 3 Christian Boltz 2014-02-12 12:30:20 UTC 
Maybe, but it still logs a warning every time it looks for the PHP binary :-(

From my error_log: (domains replaced with domain.de/otherdomain.de)

[error] [client __IP_HIDDEN__] PHP Warning:  is_executable(): open_basedir restriction in effect. File(/usr/bin/php) is not within the allowed path(s): (/home/www/domain.de/:/home/www/all:/home/www/otherdomain.de/httpdocs/wiki/images/) in /home/www/domain.de/httpdocs/wiki/includes/Wiki.php on line 652, referer: http://www.domain.de/Wikipage
Comment 4 Gerrit Notification Bot 2014-02-27 19:18:04 UTC 
Change 113038 merged by jenkins-bot:
Moved job running via $wgJobRunRate to a special API

https://gerrit.wikimedia.org/r/113038
Comment 5 Liangent 2014-04-11 11:29:41 UTC 
Status	Merged
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links