[php-maint] Bug#766147: Bug#766147: php5-common: session cleanup can be misused to change modification time of arbitrary files to "now" when symlink protection not enabled

Ondřej Surý ondrej at sury.org
Tue Oct 21 09:33:48 UTC 2014


On Tue, Oct 21, 2014, at 11:16, Fiedler Roman wrote:
> > Von: Ondřej Surý [mailto:ondrej at sury.org]
> > 
> > On Tue, Oct 21, 2014, at 10:55, Fiedler Roman wrote:
> > > > Von: Ondřej Surý [mailto:ondrej at sury.org]
> > > >
> > > > Hi,
> > > >
> > > > TL;DR: "s/touch -c/touch -c -h/", right?
> > >
> > > This will fix it for arbitrary symlinks, the only remaining issues would
> > > be
> > >
> > > a) keeping open a file ".. xxxx", which will update the parent directory
> > > modification time.
> > 
> > Which parent directory? The session dir or the symlink target parent
> > directory?
> 
> The /var/lib directory: Since the parsing of the lsof output is
> broken (awk uses "$9"), an open file ".. xxxx" will cause touch -c
> "/var/lib/php5/.." without involving any symlinks.

I see...

[ -x /usr/bin/lsof ] && /usr/bin/lsof -w -l +d "${1}" -Fn | grep -E "^n" |
  cut -b 2- | xargs -i touch -c -h {}

JFTR jessie & sid have a new script that takes a different approach and
might suffer from the same bug if you manage to open a file in
/var/lib/php5/sessions/ with an active php5 process.

Cheers,
-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
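
The parsing difference discussed in this thread, as an added example that is not part of the original message or of the Debian cleanup script: it compares whitespace-split parsing (awk "$9") with the -Fn field parsing on the same open file names. The sample lsof output is constructed, and the is_session_file guard with its sess_* naming check is a hypothetical extra step, not something proposed in the thread.

```shell
#!/bin/sh
# Constructed sample data (not real lsof captures): the same two open files
# as column output and as "lsof -Fn" field output.
SESSION_DIR=/var/lib/php5
COLUMN_OUT='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 1234 33 5u REG 8,1 0 131 /var/lib/php5/sess_abc
apache2 1234 33 6u REG 8,1 0 132 /var/lib/php5/.. xxxx'
FIELD_OUT='p1234
f5
n/var/lib/php5/sess_abc
f6
n/var/lib/php5/.. xxxx'

# Whitespace-split parsing: field 9 cuts a name at its first blank.
names_by_column() {
    printf '%s\n' "$COLUMN_OUT" | awk 'NR > 1 { print $9 }'
}

# Field-mode parsing: everything after the leading "n" is the name.
names_by_field() {
    printf '%s\n' "$FIELD_OUT" | grep -E '^n' | cut -b 2-
}

# Hypothetical extra guard (assumption, not in the thread): accept only
# direct children of the session directory named sess_*.
is_session_file() {
    rest=${1#"$SESSION_DIR"/}
    [ "$rest" != "$1" ] || return 1      # not under SESSION_DIR
    case "$rest" in
        */*) return 1 ;;                 # nested path or traversal
        sess_*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print only the names that pass the guard.
filter_candidates() {
    while IFS= read -r path; do
        if is_session_file "$path"; then printf '%s\n' "$path"; fi
    done
}

echo "column parse:"; names_by_column
echo "field parse, filtered:"; names_by_field | filter_candidates
```
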


