Last modified: 2014-04-11 11:29:41 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T62208, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 60208 - external PHP can't be started - open_basedir not checked


Summary:	external PHP can't be started - open_basedir not checked

Status:	RESOLVED FIXED

Product:	MediaWiki
Classification:	Unclassified
Component:	JobQueue (Other open bugs)
Version:	1.22.1
Hardware:	All All

Importance:	Normal major (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-01-18 18:23 UTC by Christian Boltz
Modified:	2014-04-11 11:29 UTC (History)
CC List:	5 users (show)

See Also:	58719 62092
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Christian Boltz 2014-01-18 18:23:30 UTC

Probably since https://gerrit.wikimedia.org/r/#/c/59797/ job handling starts an external php process by default.

This fails if open_basedir does not contain /usr/bin/

There should be a check for the open_basedir, and an automatic fallback to the internal job queue.

Comment 1 Joerg 2014-01-19 03:37:04 UTC

I agree. Note that the open_basedir check should not be done against /usr/bin/, but against the actual value of $wgPhpCli (which defaults to /usr/bin/, but also might be different).

Comment 2 Aaron Schulz 2014-02-12 08:48:16 UTC

In master this already checks is_executable(), which should handle open_basedir.

Comment 3 Christian Boltz 2014-02-12 12:30:20 UTC

Maybe, but it still logs a warning every time it looks for the PHP binary :-(

From my error_log: (domains replaced with domain.de/otherdomain.de)

[error] [client __IP_HIDDEN__] PHP Warning:  is_executable(): open_basedir restriction in effect. File(/usr/bin/php) is not within the allowed path(s): (/home/www/domain.de/:/home/www/all:/home/www/otherdomain.de/httpdocs/wiki/images/) in /home/www/domain.de/httpdocs/wiki/includes/Wiki.php on line 652, referer: http://www.domain.de/Wikipage

Comment 4 Gerrit Notification Bot 2014-02-27 19:18:04 UTC

Change 113038 merged by jenkins-bot:
Moved job running via $wgJobRunRate to a special API

https://gerrit.wikimedia.org/r/113038

Comment 5 Liangent 2014-04-11 11:29:41 UTC

Status	Merged

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links