[php-maint] Bug#747195: Bug#747195: php5-fpm: Permission denied for /var/run/php5-fpm.sock

Lior Kaplan kaplan at debian.org
Tue May 6 11:23:01 UTC 2014


Quoting upstream's changelog:

Fixed bug #67060 <http://bugs.php.net/67060> (possible privilege escalation
> due to insecure default configuration). (CVE-2014-0185))
>

Kaplan


On Tue, May 6, 2014 at 12:22 PM, Louis Matthijssen <naxiz.m at gmail.com>wrote:

> Package: php5-fpm
> Version: 5.5.12+dfsg-1
> Severity: important
>
> Dear Maintainer,
>
>    * What led up to the situation?
>      I upgraded from 5.5.11+dfsg-3 to 5.5.12+dfsg-1 using apt-get upgrade.
>      There are no changes in the configuration by me.
>      After each start of php5-fpm, permissions are set to srw-rw---- by
> default
>      for /var/run/php5-fpm.sock, causing nginx to get a permission denied
> error:
>      [crit] 12317#0: *1140 connect() to unix:/var/run/php5-fpm.sock failed
>      (13: Permission denied) while connecting to upstream
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
>      Using chmod 666 /var/run/php5-fpm.sock.
>    * What was the outcome of this action?
>      Permissions are restored.
>
> -- Package-specific info:
> ==== Additional PHP 5 information ====
>
> ++++ PHP 5 SAPI (php5query -S): ++++
> fpm
>
> ++++ PHP 5 Extensions (php5query -M -v): ++++
> pdo (Enabled for fpm by maintainer script)
> pdo_mysql (Enabled for fpm by maintainer script)
> gd (Enabled for fpm by maintainer script)
> opcache (Enabled for fpm by maintainer script)
> mysql (Enabled for fpm by maintainer script)
> json (Enabled for fpm by maintainer script)
> mysqli (Enabled for fpm by maintainer script)
> mcrypt (Enabled for fpm by maintainer script)
>
> ++++ Configuration files: ++++
> [PHP]
> engine = On
> short_open_tag = Off
> asp_tags = Off
> precision = 14
> output_buffering = 4096
> zlib.output_compression = Off
> implicit_flush = Off
> unserialize_callback_func =
> serialize_precision = 17
> disable_functions =
> pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
> disable_classes =
> zend.enable_gc = On
> expose_php = On
> max_execution_time = 30
> max_input_time = 60
> memory_limit = 128M
> error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
> display_errors = Off
> display_startup_errors = Off
> log_errors = On
> log_errors_max_len = 1024
> ignore_repeated_errors = Off
> ignore_repeated_source = Off
> report_memleaks = On
> track_errors = Off
> html_errors = On
> variables_order = "GPCS"
> request_order = "GP"
> register_argc_argv = Off
> auto_globals_jit = On
> post_max_size = 8M
> auto_prepend_file =
> auto_append_file =
> default_mimetype = "text/html"
> doc_root =
> user_dir =
> enable_dl = Off
> file_uploads = On
> upload_max_filesize = 2M
> max_file_uploads = 20
> allow_url_fopen = On
> allow_url_include = Off
> default_socket_timeout = 60
> [CLI Server]
> cli_server.color = On
> [Date]
> [filter]
> [iconv]
> [intl]
> [sqlite]
> [sqlite3]
> [Pcre]
> [Pdo]
> [Pdo_mysql]
> pdo_mysql.cache_size = 2000
> pdo_mysql.default_socket=
> [Phar]
> [mail function]
> SMTP = localhost
> smtp_port = 25
> mail.add_x_header = On
> [SQL]
> sql.safe_mode = Off
> [ODBC]
> odbc.allow_persistent = On
> odbc.check_persistent = On
> odbc.max_persistent = -1
> odbc.max_links = -1
> odbc.defaultlrl = 4096
> odbc.defaultbinmode = 1
> [Interbase]
> ibase.allow_persistent = 1
> ibase.max_persistent = -1
> ibase.max_links = -1
> ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
> ibase.dateformat = "%Y-%m-%d"
> ibase.timeformat = "%H:%M:%S"
> [MySQL]
> mysql.allow_local_infile = On
> mysql.allow_persistent = On
> mysql.cache_size = 2000
> mysql.max_persistent = -1
> mysql.max_links = -1
> mysql.default_port =
> mysql.default_socket =
> mysql.default_host =
> mysql.default_user =
> mysql.default_password =
> mysql.connect_timeout = 60
> mysql.trace_mode = Off
> [MySQLi]
> mysqli.max_persistent = -1
> mysqli.allow_persistent = On
> mysqli.max_links = -1
> mysqli.cache_size = 2000
> mysqli.default_port = 3306
> mysqli.default_socket =
> mysqli.default_host =
> mysqli.default_user =
> mysqli.default_pw =
> mysqli.reconnect = Off
> [mysqlnd]
> mysqlnd.collect_statistics = On
> mysqlnd.collect_memory_statistics = Off
> [OCI8]
> [PostgreSQL]
> pgsql.allow_persistent = On
> pgsql.auto_reset_persistent = Off
> pgsql.max_persistent = -1
> pgsql.max_links = -1
> pgsql.ignore_notice = 0
> pgsql.log_notice = 0
> [Sybase-CT]
> sybct.allow_persistent = On
> sybct.max_persistent = -1
> sybct.max_links = -1
> sybct.min_server_severity = 10
> sybct.min_client_severity = 10
> [bcmath]
> bcmath.scale = 0
> [browscap]
> [Session]
> session.save_handler = files
> session.use_strict_mode = 0
> session.use_cookies = 1
> session.use_only_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 0
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_domain =
> session.cookie_httponly =
> session.serialize_handler = php
> session.gc_probability = 0
> session.gc_divisor = 1000
> session.gc_maxlifetime = 1440
> session.referer_check =
> session.cache_limiter = nocache
> session.cache_expire = 180
> session.use_trans_sid = 0
> session.hash_function = 0
> session.hash_bits_per_character = 5
> url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
> [MSSQL]
> mssql.allow_persistent = On
> mssql.max_persistent = -1
> mssql.max_links = -1
> mssql.min_error_severity = 10
> mssql.min_message_severity = 10
> mssql.compatibility_mode = Off
> mssql.secure_connection = Off
> [Assertion]
> [COM]
> [mbstring]
> [gd]
> [exif]
> [Tidy]
> tidy.clean_output = Off
> [soap]
> soap.wsdl_cache_enabled=1
> soap.wsdl_cache_dir="/tmp"
> soap.wsdl_cache_ttl=86400
> soap.wsdl_cache_limit = 5
> [sysvshm]
> [ldap]
> ldap.max_links = -1
> [mcrypt]
> [dba]
> [opcache]
> [curl]
>
> **** /etc/php5/fpm/conf.d/10-pdo.ini ****
> extension=pdo.so
>
> **** /etc/php5/fpm/conf.d/20-gd.ini ****
> extension=gd.so
>
> **** /etc/php5/fpm/conf.d/20-mysqli.ini ****
> extension=mysqli.so
>
> **** /etc/php5/fpm/conf.d/20-mcrypt.ini ****
> extension=mcrypt.so
>
> **** /etc/php5/fpm/conf.d/20-pdo_mysql.ini ****
> extension=pdo_mysql.so
>
> **** /etc/php5/fpm/conf.d/05-opcache.ini ****
> zend_extension=opcache.so
>
> **** /etc/php5/fpm/conf.d/20-mysql.ini ****
> extension=mysql.so
>
> **** /etc/php5/fpm/conf.d/20-json.ini ****
> extension=json.so
>
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.14-1-amd64 (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5-fpm depends on:
> ii  dpkg                 1.17.9
> ii  init-system-helpers  1.18
> ii  libbz2-1.0           1.0.6-5
> ii  libc6                2.18-5
> ii  libcomerr2           1.42.9-3
> ii  libdb5.3             5.3.28-3
> ii  libgssapi-krb5-2     1.12.1+dfsg-1
> ii  libk5crypto3         1.12.1+dfsg-1
> ii  libkrb5-3            1.12.1+dfsg-1
> ii  libmagic1            1:5.18-1
> ii  libonig2             5.9.1-1
> ii  libpcre3             1:8.31-5
> ii  libqdbm14            1.8.78-3+b1
> ii  libssl1.0.0          1.0.1g-3
> ii  libsystemd-daemon0   204-10
> ii  libxml2              2.9.1+dfsg1-3
> ii  mime-support         3.54
> ii  php5-common          5.5.12+dfsg-1
> ii  php5-json            1.3.5-1
> ii  tzdata               2014b-1
> ii  ucf                  3.0028
> ii  zlib1g               1:1.2.8.dfsg-1
>
> php5-fpm recommends no packages.
>
> Versions of packages php5-fpm suggests:
> pn  php-pear  <none>
>
> Versions of packages php5-common depends on:
> ii  libc6   2.18-5
> ii  lsof    4.86+dfsg-1
> ii  psmisc  22.21-2
> ii  sed     4.2.2-4
> ii  ucf     3.0028
>
> Versions of packages php5-common suggests:
> pn  php5-user-cache  <none>
>
> -- no debconf information
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20140506/faeb9d25/attachment-0001.html>


More information about the pkg-php-maint mailing list