Date: Thu, 6 Jan 2011 12:24:10 GMT From: Owen <freebsdpr@easytarget.me.uk> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/153723: Compile of devel/pear has a dependency on php security directive open_basedir not being set Message-ID: <201101061224.p06COAuU050621@red.freebsd.org> Resent-Message-ID: <201101061230.p06CUAhR091099@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 153723 >Category: misc >Synopsis: Compile of devel/pear has a dependency on php security directive open_basedir not being set >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 06 12:30:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Owen >Release: FreeBSD 7.3-RELEASE-p3 i386 >Organization: easytarget.org >Environment: FreeBSD calvin.easytarget.me.uk 7.3-RELEASE-p3 FreeBSD 7.3-RELEASE-p3 #22: Fri Sep 24 16:27:50 CEST 2010 root@calvin.easytarget.me.uk:/usr/obj /usr/src/sys/CALVINKERNEL i386 >Description: When building devel/pear with the php security option open_basedir set restrictively (a common security best-practice) the compilation will fail; presumably because php is invoked in the build workdir itself (or some other temporary space). However the open_basedir directive will prevent php from running outside of the specified path(s). ------------------------------------------------------------ calvin# grep open_basedir /usr/local/etc/php.ini ; open_basedir, if set, limits all file operations to the defined directory open_basedir = /usr/local/www calvin# cd /usr/ports/devel/pear calvin# make deinstall ===> Deinstalling for devel/pear ===> Deinstalling pear-1.9.1_1 calvin# make install ===> Installing for pear-1.9.1_1 ===> pear-1.9.1_1 depends on file: /usr/local/include/php/main/php.h - found ===> pear-1.9.1_1 depends on file: /usr/local/lib/php/20090626/xml.so - found ===> Generating temporary packing list ===> Checking if devel/pear already installed ****************************************************************************** FATAL ERROR! We cannot initialize the temp directory. Please be sure to give full write access to this directory and the install directory. '/go-pear' was given.sed: /usr/local/share/pear/peclcmd.php: No such file or directory *** Error code 1 Stop in /usr/ports/devel/pear. calvin# vi /usr/local/etc/php.ini calvin# grep open_basedir /usr/local/etc/php.ini ; open_basedir, if set, limits all file operations to the defined directory ;open_basedir = /usr/local/www calvin# make install ===> Installing for pear-1.9.1_1 ===> pear-1.9.1_1 depends on file: /usr/local/include/php/main/php.h - found ===> pear-1.9.1_1 depends on file: /usr/local/lib/php/20090626/xml.so - found ===> Generating temporary packing list ===> Checking if devel/pear already installed Bootstrapping Installer................... Bootstrapping PEAR.php............(local) ok Bootstrapping Archive/Tar.php............(local) ok Bootstrapping Console/Getopt.php............(local) ok Extracting installer.................. Using local package: PEAR.............ok Using local package: Structures_Graph....ok Preparing installer.................. Updating channel "doc.php.net" Update of Channel "doc.php.net" succeeded Updating channel "pear.php.net" Channel "pear.php.net" is up to date Updating channel "pecl.php.net" Update of Channel "pecl.php.net" succeeded Installing selected packages.................. Installing bootstrap package: PEAR...................warning: pear/PEAR requires package "pear/Archive_Tar" (recommended version 1.3.7) warning: pear/PEAR requires package "pear/Structures_Graph" (recommended version 1.0.3) warning: pear/PEAR requires package "pear/Console_Getopt" (recommended version 1.2.3) warning: pear/PEAR requires package "pear/XML_Util" (recommended version 1.2.1) install ok: channel://pear.php.net/PEAR-1.9.1 PEAR: Optional feature webinstaller available (PEAR's web-based installer) PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer) PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer) PEAR: To install optional features use "pear install pear/PEAR#featurename" Installing bootstrap package: Structures_Graph.......install ok: channel://pear.php.net/Structures_Graph-1.0.3 Installing local package: Archive_Tar-stable.........install ok: channel://pear.php.net/Archive_Tar-1.3.7 Installing local package: Console_Getopt-stable.......install ok: channel://pear.php.net/Console_Getopt-1.2.3 ===> Registering installation for pear-1.9.1_1 calvin# vi /usr/local/etc/php.ini < restore my open_basedir setting.. > -------------------------------------------- This is from my posting in the forums here: http://forums.freebsd.org/showthread.php?p=118002#post118002 >How-To-Repeat: build devel/pear with open_basedir set restrictively. >Fix: Change line 33 of the makefile to unset this directive at compile time: The following diff worked on my system (I'm not a coder; so have not submitted as a patch since I might have got this wrong ;-) calvin# diff -c Makefile Makefile.orig *** Makefile Thu Jan 6 13:16:02 2011 --- Makefile.orig Thu Dec 30 05:15:49 2010 *************** *** 30,36 **** ${WRKSRC}/go-pear do-install: ! @cd ${WRKSRC} && ${LOCALBASE}/bin/php -d open_basedir="" -q ./go-pear @${SED} -i "" "s|<?php|<?php dl('pcre.so'); dl('xml.so');|" \ ${PEARDIR}/peclcmd.php --- 30,36 ---- ${WRKSRC}/go-pear do-install: ! @cd ${WRKSRC} && ${LOCALBASE}/bin/php -q ./go-pear @${SED} -i "" "s|<?php|<?php dl('pcre.so'); dl('xml.so');|" \ ${PEARDIR}/peclcmd.php >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101061224.p06COAuU050621>