[Process] Support using Process::findExecutable() independently of open_basedir
#47422
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stof
reviewed
Sep 12, 2022
Can you point me where the error occurs? Have bit of a problem interprerting https://ci.appveyor.com/project/fabpot/symfony/builds/44759158 - I only see |
|
@BlackbitNeueMedien This is because this URL was showing only the end of the logs, as explained in the banner on top. Looking at the full logs, I see an issue: https://ci.appveyor.com/project/fabpot/symfony/builds/44759158?fullLog=true#L1706 shows that your new code leaks to stderr However, I'm still not sure what changes the exit code to a failure one. |
Process::findExecutable() independently of open_basedir
1e0428c to
5af7d53
Compare
nicolas-grekas
approved these changes
Aug 1, 2023
fabpot
approved these changes
Aug 1, 2023
|
Thank you @BlackbitDevs. |
Merged
nicolas-grekas
added a commit
that referenced
this pull request
Aug 7, 2023
This PR was merged into the 6.4 branch. Discussion ---------- [Process] fix tests | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - - `testFindProcessInOpenBasedir` is a duplicate of `testFindWithOpenBaseDir` - `testFindWithOpenBaseDir` currently expects that we search open_basedir instead of PATH when the setting is set, but this doesn't really make sense, and #47422 removed this behavior - `PhpSubprocessTest::testSubprocess` expects a php that defaults to memory_limit=-1, which is not the case currently for the sigchild-enabled binary Commits ------- 4ca4417 [Process] fix tests
This was referenced Oct 21, 2023
Merged
Merged
Luc45
added a commit
to Luc45/symfony
that referenced
this pull request
Mar 4, 2024
nicolas-grekas
added a commit
that referenced
this pull request
Sep 17, 2024
…sedir (BlackbitDevs) This PR was merged into the 5.4 branch. Discussion ---------- [Process] Fix finding executables independently of open_basedir | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | - | License | MIT This backports #47422 to 5.4, which is a bugfix really. Instead of #58008 and #57954 /cc `@xabbuh` `@fritzmg` Commits ------- 4424763 [Process] Fix finding executables independently of open_basedir
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With this PR
Console::findExecutable()will find executables also if the their path is not allowed inopen_basedirconfig similar tosymfony/src/Symfony/Component/Process/PhpExecutableFinder.php
Lines 36 to 41 in ddaedd2
Console::findExecutable()'s responsibility is to find an executable which can be called with a Symfony Process or by PHP's functions likeexec,systemetc.The goal of PHP's
open_basedirconfig is to restrict reading / writing files within PHP processes. Imho this is completely independent of finding an executable.If PHP's intention was to restrict executing applications which are not present in
open_basedir's paths, it would have been implemented there.