[php-maint] Bug#668597: Bug#668597: php5 creates weird files in /
ulfhermann at kulturserver.de
Tue May 22 07:50:46 UTC 2012
> last shot - is your filesystem health ok?
It happens on two virtual machines running on the same host server.
They're similar but it seems unlikely that they'd suddenly both develop
the same defect in their file systems. Obviously the problem is that PHP
doesn't know where to put its logs when parsing that deprecated '#'.
Then it probably uses some uninitialized data as file name, opens the
file associated with that and puts them there. This is nasty. Someone
could make the OS allocate a big chunk of memory and repeatedly write
'/etc/passwd', then deallocate it and wait for the OS to give some part
of that chunk to PHP. Chances are that it would overwrite /etc/passwd
then. I have specified a file as error_log in /etc/php5/apache2/php.ini
and it seems to ignore it:
error_log = "/var/log/php_error.log"
Should it write those things to the error log? Or where would they
normally end up? I'll do some more experiments tonight. Please don't
close the bug, yet.
More information about the pkg-php-maint