Re: PHP4 sessions
> For the most part, your patch looks good. I will note that as a
> general-purpose routine, your recursive directory-creation loop contains
> a race condition that could allow the owner of a parent directory to
> yoink a newly-created directory out from under the php process and cause
> problems later when trying to create the session file; but for the
> specific case of creating subdirectories under /tmp (or /var/tmp), it
> should be ok.
As I said, the patch is not all it could be; ultimately it is a work
around for bad design in the libmm library/interface. You probably
need a real BOFH (or a real BOFH streak in the user) to yank
/var/tmp/php4-%u out from under the php process.
> In addition, your length parameter in strncpy() should be
> bounded by the size of the destination buffer, not the size of the
> source string. I believe both of these issues should be addressed
> before submitting to upstream.
This is also true, I don't like using fixed length buffers at all, but
since the string that is strncpy'ed into the buffer is limited by the
length of the compiled in PS_MM_PATH and the length of a numeric uid,
the buffer is easily large enough. (It is also true that a fair chunk
of the patch is unnecessary given these constraints, but it helped
while I was experimenting.)
I shall implement a dynamic buffer approach and then submit the patch
upstream.
> In the meantime, I don't see any reason not to include the patch in the
> Debian package. Has this patch been submitted to the BTS? That's
> probably the best place for it so that whoever is uploading the PHP4
> packages in the future has it available.
I shall submit the patch to the BTS (under a new bug number?). I had
left this to Petr if he saw fit but I hadn't realised that he had
orphaned the packages.
Matt
--
Matt Kern
Gyre Technology Limited
http://www.gyre.co.uk/
Phone: +44 (0) 1223 368398
Reply to: