Am Mo, den 04.07.2005 schrieb Fedora Mailing List um 16:06: > The Scenario : > > get this php filemanager : > http://phpfm.sourceforge.net/#downloads > simply unzip into your web site directory > > I have vhosts under a /data dir > > rights 711 on the vhost dir, all fine > drwx--x--x 19 john data 4096 Jun 24 15:35 www.test.com > > after calling the php file manager http://site.name/index.php > the rights on the directory are made world writeable > > drwxrwxrwx 13 john data 4096 Jul 4 15:39 www.test.com > > SCARY --- The problem is phpfm then. > apache error.log: > > [Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] Premature end of > script headers: index.php, referer: http://www.test.com/index.php > [Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] SoftException in > Application.cpp:227: Directory "/data/www.test.com" is writeable by > group, referer: http://www.test.com/index.php > [Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] *** glibc detected > *** double free or corruption (fasttop): 0x099c6590 ***, referer: > http://www.test.com/index.php > [Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] File does not exist: > /data/www.test.com/favicon.ico > [Mon Jul 04 15:44:09 2005] [error] [client x.x.x.x] File does not exist: > /data/www.test.com/favicon.ico > [Mon Jul 04 15:44:19 2005] [error] [client x.x.x.x] Premature end of > script headers: index.php, referer: http://www.test.com/index.php > [Mon Jul 04 15:44:19 2005] [error] [client x.x.x.x] SoftException in > Application.cpp:227: Directory "/data/www.test.com" is writeable by > group, referer: http://www.test.com/index.php > [Mon Jul 04 15:44:19 2005] [error] [client x.x.x.x] *** glibc detected > *** double free or corruption (fasttop): 0x08e16590 ***, referer: > http://www.test.com/index.php > > > Switching between suphp and mod_php didtn change anything .. the rights > on the dir are changed no matter > (the error above are with suphp enabled, with mod_php I didnt get any > error but the same result) I have doubts that Apache (user apache) is able to change filesystem permissions when it does not own a directory and no extension like suphp is configured or suExec is set. > On FC4 the problem didnt occur > ------------ > System Fedora Core 3 - No Selinux > > > httpd -V > Server version: Apache/2.0.54 That is no FC3 Apache! $ rpm -q httpd httpd-2.0.52-3.1 $ httpd -v Server version: Apache/2.0.52 Server built: Nov 11 2004 10:31:42 > Server built: Apr 18 2005 21:03:32 > Server's Module Magic Number: 20020903:9 > Architecture: 32-bit > Server compiled with.... > -D APACHE_MPM_DIR="server/mpm/prefork" > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > -D APR_USE_SYSVSEM_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D HTTPD_ROOT="/etc/httpd" > -D SUEXEC_BIN="/usr/sbin/suexec" > -D DEFAULT_PIDLOG="logs/httpd.pid" > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > -D DEFAULT_LOCKFILE="logs/accept.lock" > -D DEFAULT_ERRORLOG="logs/error_log" > I didnt trace and debug the thing yet, pretty in a hurry right now, to find out what may have caused it ... if any1 heared about it .. ? I would say phpfm is broken or misconfigured. I miss the proof that a plain FC3 Apache2 with only mod_php - no suPHP, nor running suExec with PHP cgi scripts - is able to change filesystem permissions for directories / files the apache user does not own. Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 16:22:25 up 8 days, 23:14, load average: 0.14, 0.30, 0.42
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
