[BlueOnyx:22202] open_basedir of server is not inherited to subdomain
Tomohiro Hosaka
bokutin at gmail.com
Thu Jul 5 06:11:52 -05 2018
Hello.
#
# Steps to reproduce the problem.
#
Create site4 of vsite.
https://$host:81/vsite/vsitePHP?group=site4
Open Basedir (Server): (I just installed it. This is the default.)
/home/
/home/.sites/70/site4
/tmp/
/usr/sausalito/configs/php/
/usr/share/pear
/var/lib/php/session/
Open Basedir (Vsite): (Test purpose)
/mnt
dump.php: <?php var_dump(ini_get('open_basedir')) ?>
http://$host/dump.php
string(106)
"/usr/share/pear:/var/lib/php/session/:/home/:/usr/sausalito/configs/php/:/tmp/:/mnt:/home/.sites/70/site4/"
GOOD
Add subdomainX. Add DNS A record of subdomainX.
http://subdomainX.$host/dump.php
string(59) "/mnt/mnt:/usr/sausalito/configs/php/:/home/.sites/70/site4/"
BAD!!
* open_basedir of server is not inherited to subdomain.
* What is /mnt/mnt?
#
# Environment
#
# rpm -qa | grep base-blueonyx
base-blueonyx-glue-5207R-4.20140909BX03.el6.noarch
base-blueonyx-capstone-5207R-4.20140909BX03.el6.noarch
# yum whatprovides
/usr/sausalito/handlers/base/subdomains/subdomain-new.pl | head
...snip...
base-subdomains-glue-2.2.0-0BX11.el6.noarch : glue for base-subdomains.
Repo : BlueOnyx-520XR
#
# Solution
#
Insert the code to set $vsite_php_settings->{"open_basedir"} in the files below.
(It is the same code.)
* /usr/sausalito/handlers/base/subdomains/subdomain-new.pl
* /usr/sausalito/handlers/base/subdomains/subdomain-services.pl
# diff -ub /usr/sausalito/handlers/base/subdomains/subdomain-new.pl-20170412180001
/usr/sausalito/handlers/base/subdomains/subdomain-new.pl
--- /usr/sausalito/handlers/base/subdomains/subdomain-new.pl-20170412180001
2017-04-12 18:00:01.000000000 +0900
+++ /usr/sausalito/handlers/base/subdomains/subdomain-new.pl
2018-07-05 19:57:32.000000000 +0900
@@ -155,6 +155,27 @@
}
$vsite_php_settings->{"safe_mode_allowed_env_vars"} =
join(",", @safe_mode_allowed_env_vars);
+ # 2017-04-12 fixed
+ # Three lines of code starting from the bottom "# Make
sure that...", the underlying $empty_open_basedir is not set
correctly.
+ # The server default is inherited in Vsite.
+ # The server default is NOT inherited in Subdomain, seems
that there is no consistency.
+ # Make it the same as Vsite in Subdomain.
+ {
+ # refer to base/vsite/php_vsite_handler.pl:670 sub
open_basedir_handling
+ my $mySystem = do {
+ my @sysoids = $cce->find('PHP');
+ my ($ok, $object) = $cce->get($sysoids[0]);
+ die unless $ok;
+ $object;
+ };
+ my @vsite_php_settings_temporary = split(":",
$vsite_php_settings->{"open_basedir"});
+ my @my_server_php_settings_temp = split(":",
$mySystem->{'open_basedir'});
+ my @vsite_php_settings_temp_joined =
(@vsite_php_settings_temporary, @my_server_php_settings_temp);
+ my %obd_helper = map { $_ => 1 }
@vsite_php_settings_temp_joined;
+ my @vsite_php_settings_temp = keys %obd_helper;
+
+ $vsite_php_settings->{"open_basedir"} = join ":",
@vsite_php_settings_temp;
+ }
# Make sure that the path to the prepend file directory
is allowed, too:
unless ($vsite_php_settings->{"open_basedir"} =~
m/\/usr\/sausalito\/configs\/php\//) {
$vsite_php_settings->{"open_basedir"} .=
$vsite_php_settings->{"open_basedir"} .
':/usr/sausalito/configs/php/';
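Review bot: the unchanged context at the end of this hunk still reads `$vsite_php_settings->{"open_basedir"} .= $vsite_php_settings->{"open_basedir"} . ':/usr/sausalito/configs/php/';`, which appends the value to itself; with a Vsite value of /mnt that yields exactly the /mnt/mnt:/usr/sausalito/configs/php/ shown in the report. The added block avoids it only when the merged server list already contains /usr/sausalito/configs/php/, so that the `unless` branch is skipped. Suggest changing that line to `.= ':/usr/sausalito/configs/php/'` in the same patch, so a server default without that path cannot bring the doubled prefix back.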
# diff -ub /usr/sausalito/handlers/base/subdomains/subdomain-services.pl-20170412180001
/usr/sausalito/handlers/base/subdomains/subdomain-services.pl
--- /usr/sausalito/handlers/base/subdomains/subdomain-services.pl-20170412180001
2017-04-12 18:00:01.000000000 +0900
+++ /usr/sausalito/handlers/base/subdomains/subdomain-services.pl
2018-07-05 19:58:00.000000000 +0900
@@ -110,6 +110,27 @@
}
$vsite_php_settings->{"safe_mode_allowed_env_vars"} =
join(",", @safe_mode_allowed_env_vars);
+ # 2017-04-12 fixed
+ # Three lines of code starting from the bottom "# Make
sure that...", the underlying $empty_open_basedir is not set
correctly.
+ # The server default is inherited in Vsite.
+ # The server default is NOT inherited in Subdomain, seems
that there is no consistency.
+ # Make it the same as Vsite in Subdomain.
+ {
+ # refer to base/vsite/php_vsite_handler.pl:670 sub
open_basedir_handling
+ my $mySystem = do {
+ my @sysoids = $cce->find('PHP');
+ my ($ok, $object) = $cce->get($sysoids[0]);
+ die unless $ok;
+ $object;
+ };
+ my @vsite_php_settings_temporary = split(":",
$vsite_php_settings->{"open_basedir"});
+ my @my_server_php_settings_temp = split(":",
$mySystem->{'open_basedir'});
+ my @vsite_php_settings_temp_joined =
(@vsite_php_settings_temporary, @my_server_php_settings_temp);
+ my %obd_helper = map { $_ => 1 }
@vsite_php_settings_temp_joined;
+ my @vsite_php_settings_temp = keys %obd_helper;
+
+ $vsite_php_settings->{"open_basedir"} = join ":",
@vsite_php_settings_temp;
+ }
# Make sure that the path to the prepend file directory
is allowed, too:
unless ($vsite_php_settings->{"open_basedir"} =~
m/\/usr\/sausalito\/configs\/php\//) {
$vsite_php_settings->{"open_basedir"} .=
$vsite_php_settings->{"open_basedir"} .
':/usr/sausalito/configs/php/';
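Review bot: `my @vsite_php_settings_temp = keys %obd_helper;` returns the paths in arbitrary hash order rather than the configured order, and Perl does not guarantee that order; filtering the joined list with `grep { !$seen{$_}++ }` would de-duplicate while keeping the Vsite paths first and the generated value reproducible. In the same block, `die unless $ok;` gives no message and `$sysoids[0]` is used without checking that `$cce->find('PHP')` returned anything. The block is also a verbatim copy of the one added to subdomain-new.pl; since its comment points at `open_basedir_handling` in base/vsite/php_vsite_handler.pl, a shared sub would keep the copies from drifting apart.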
http://subdomainX.$host/dump.php
string(106)
"/usr/share/pear:/var/lib/php/session/:/home/:/usr/sausalito/configs/php/:/tmp/:/mnt:/home/.sites/70/site4/"
GOOD. Same as http://$host/dump.php
I think that it is an ugly solution.
I hope that a better solution will be merged.
Thank you.
--
Tomohiro Hosaka
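
Where the `/mnt/mnt` value in the report comes from, and an order-preserving form of the merge, as an added example that is not part of the original message or of BlueOnyx. `buggy_append` and `merge_open_basedir` are hypothetical names, and the input strings are constructed from the values shown in the report.

```perl
#!/usr/bin/perl
# Added example, not BlueOnyx code. Helper names are hypothetical.
use strict;
use warnings;

my $PREPEND_DIR = '/usr/sausalito/configs/php/';

# Same statement shape as the context lines of the diff: ".=" with the
# variable repeated on the right-hand side appends the value to itself.
sub buggy_append {
    my ($obd) = @_;
    $obd .= $obd . ':' . $PREPEND_DIR;
    return $obd;
}

# Merge the Vsite and server lists: drop empty entries and duplicates,
# keep first-seen order (Vsite paths first), and make sure the prepend
# directory is present exactly once.
sub merge_open_basedir {
    my ($vsite_obd, $server_obd) = @_;
    my %seen;
    my @paths = grep { length($_) && !$seen{$_}++ }
                map  { split /:/, ($_ // '') } ($vsite_obd, $server_obd);
    push @paths, $PREPEND_DIR unless $seen{$PREPEND_DIR};
    return join ':', @paths;
}

# Constructed inputs, taken from the GUI values listed in the report.
my $vsite  = '/mnt';
my $server = join ':', '/home/', '/home/.sites/70/site4', '/tmp/',
                       '/usr/sausalito/configs/php/', '/usr/share/pear',
                       '/var/lib/php/session/';

# Vsite value alone through the unpatched statement: the path is doubled.
print "unpatched: ", buggy_append($vsite), "\n";

# Vsite value merged with the server default.
print "merged:    ", merge_open_basedir($vsite, $server), "\n";

# Server default empty: the prepend directory is still added, once.
print "no server: ", merge_open_basedir($vsite, ''), "\n";
```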