mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-01 19:22:42 +01:00
Move open_basedir and safe_mode checks into new setup
Summary: Newer and shinier! Test Plan: Intentionally misconfigured myself into all three setup failures (safe_mode, open_basedir/fatal, open_basedir/nonfatal). Reviewers: chad, btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2228 Differential Revision: https://secure.phabricator.com/D4589
This commit is contained in:
parent
24845bec42
commit
27ec272057
3 changed files with 115 additions and 84 deletions
|
@ -1221,6 +1221,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorSetupCheckInvalidConfig' => 'applications/config/check/PhabricatorSetupCheckInvalidConfig.php',
|
'PhabricatorSetupCheckInvalidConfig' => 'applications/config/check/PhabricatorSetupCheckInvalidConfig.php',
|
||||||
'PhabricatorSetupCheckMail' => 'applications/config/check/PhabricatorSetupCheckMail.php',
|
'PhabricatorSetupCheckMail' => 'applications/config/check/PhabricatorSetupCheckMail.php',
|
||||||
'PhabricatorSetupCheckMySQL' => 'applications/config/check/PhabricatorSetupCheckMySQL.php',
|
'PhabricatorSetupCheckMySQL' => 'applications/config/check/PhabricatorSetupCheckMySQL.php',
|
||||||
|
'PhabricatorSetupCheckPHPConfig' => 'applications/config/check/PhabricatorSetupCheckPHPConfig.php',
|
||||||
'PhabricatorSetupCheckPath' => 'applications/config/check/PhabricatorSetupCheckPath.php',
|
'PhabricatorSetupCheckPath' => 'applications/config/check/PhabricatorSetupCheckPath.php',
|
||||||
'PhabricatorSetupCheckStorage' => 'applications/config/check/PhabricatorSetupCheckStorage.php',
|
'PhabricatorSetupCheckStorage' => 'applications/config/check/PhabricatorSetupCheckStorage.php',
|
||||||
'PhabricatorSetupCheckTimezone' => 'applications/config/check/PhabricatorSetupCheckTimezone.php',
|
'PhabricatorSetupCheckTimezone' => 'applications/config/check/PhabricatorSetupCheckTimezone.php',
|
||||||
|
@ -2586,6 +2587,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorSetupCheckInvalidConfig' => 'PhabricatorSetupCheck',
|
'PhabricatorSetupCheckInvalidConfig' => 'PhabricatorSetupCheck',
|
||||||
'PhabricatorSetupCheckMail' => 'PhabricatorSetupCheck',
|
'PhabricatorSetupCheckMail' => 'PhabricatorSetupCheck',
|
||||||
'PhabricatorSetupCheckMySQL' => 'PhabricatorSetupCheck',
|
'PhabricatorSetupCheckMySQL' => 'PhabricatorSetupCheck',
|
||||||
|
'PhabricatorSetupCheckPHPConfig' => 'PhabricatorSetupCheck',
|
||||||
'PhabricatorSetupCheckPath' => 'PhabricatorSetupCheck',
|
'PhabricatorSetupCheckPath' => 'PhabricatorSetupCheck',
|
||||||
'PhabricatorSetupCheckStorage' => 'PhabricatorSetupCheck',
|
'PhabricatorSetupCheckStorage' => 'PhabricatorSetupCheck',
|
||||||
'PhabricatorSetupCheckTimezone' => 'PhabricatorSetupCheck',
|
'PhabricatorSetupCheckTimezone' => 'PhabricatorSetupCheck',
|
||||||
|
|
113
src/applications/config/check/PhabricatorSetupCheckPHPConfig.php
Normal file
113
src/applications/config/check/PhabricatorSetupCheckPHPConfig.php
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorSetupCheckPHPConfig extends PhabricatorSetupCheck {
|
||||||
|
|
||||||
|
public function getExecutionOrder() {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function executeChecks() {
|
||||||
|
$safe_mode = ini_get('safe_mode');
|
||||||
|
if ($safe_mode) {
|
||||||
|
$message = pht(
|
||||||
|
"You have 'safe_mode' enabled in your PHP configuration, but ".
|
||||||
|
"Phabricator will not run in safe mode. Safe mode has been deprecated ".
|
||||||
|
"in PHP 5.3 and removed in PHP 5.4.".
|
||||||
|
"\n\n".
|
||||||
|
"Disable safe mode to continue.");
|
||||||
|
|
||||||
|
$this->newIssue('php.safe_mode')
|
||||||
|
->setIsFatal(true)
|
||||||
|
->setName(pht('Disable PHP safe_mode'))
|
||||||
|
->setMessage($message)
|
||||||
|
->addPHPConfig('safe_mode');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$open_basedir = ini_get('open_basedir');
|
||||||
|
if ($open_basedir) {
|
||||||
|
|
||||||
|
// 'open_basedir' restricts which files we're allowed to access with
|
||||||
|
// file operations. This might be okay -- we don't need to write to
|
||||||
|
// arbitrary places in the filesystem -- but we need to access certain
|
||||||
|
// resources. This setting is unlikely to be providing any real measure
|
||||||
|
// of security so warn even if things look OK.
|
||||||
|
|
||||||
|
$failures = array();
|
||||||
|
|
||||||
|
try {
|
||||||
|
$open_libphutil = class_exists('Future');
|
||||||
|
} catch (Exception $ex) {
|
||||||
|
$failures[] = $ex->getMessage();
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$open_arcanist = class_exists('ArcanistDiffParser');
|
||||||
|
} catch (Exception $ex) {
|
||||||
|
$failures[] = $ex->getMessage();
|
||||||
|
}
|
||||||
|
|
||||||
|
$open_urandom = false;
|
||||||
|
try {
|
||||||
|
Filesystem::readRandomBytes(1);
|
||||||
|
$open_urandom = true;
|
||||||
|
} catch (FilesystemException $ex) {
|
||||||
|
$failures[] = $ex->getMessage();
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$tmp = new TempFile();
|
||||||
|
file_put_contents($tmp, '.');
|
||||||
|
$open_tmp = @fopen((string)$tmp, 'r');
|
||||||
|
if (!$open_tmp) {
|
||||||
|
$failures[] = pht(
|
||||||
|
"Unable to read temporary file '%s'.",
|
||||||
|
(string)$tmp);
|
||||||
|
}
|
||||||
|
} catch (Exception $ex) {
|
||||||
|
$message = $ex->getMessage();
|
||||||
|
$dir = sys_get_temp_dir();
|
||||||
|
$failures[] = pht(
|
||||||
|
"Unable to open temp files from '%s': %s",
|
||||||
|
$dir,
|
||||||
|
$message);
|
||||||
|
}
|
||||||
|
|
||||||
|
$issue = $this->newIssue('php.open_basedir')
|
||||||
|
->setName(pht('Disable PHP open_basedir'))
|
||||||
|
->addPHPConfig('open_basedir');
|
||||||
|
|
||||||
|
if ($failures) {
|
||||||
|
$message = pht(
|
||||||
|
"Your server is configured with 'open_basedir', which prevents ".
|
||||||
|
"Phabricator from opening files it requires access to.".
|
||||||
|
"\n\n".
|
||||||
|
"Disable this setting to continue.".
|
||||||
|
"\n\n".
|
||||||
|
"Failures:\n\n%s",
|
||||||
|
implode("\n\n", $failures));
|
||||||
|
|
||||||
|
$issue
|
||||||
|
->setIsFatal(true)
|
||||||
|
->setMessage($message);
|
||||||
|
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
|
$summary = pht(
|
||||||
|
"You have 'open_basedir' configured in your PHP settings, which ".
|
||||||
|
"may cause some features to fail.");
|
||||||
|
|
||||||
|
$message = pht(
|
||||||
|
"You have 'open_basedir' configured in your PHP settings. Although ".
|
||||||
|
"this setting appears permissive enough that Phabricator will ".
|
||||||
|
"work properly, you may still run into problems because of it.".
|
||||||
|
"\n\n".
|
||||||
|
"Consider disabling 'open_basedir'.");
|
||||||
|
|
||||||
|
$issue
|
||||||
|
->setSummary($summary)
|
||||||
|
->setMessage($message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -15,90 +15,6 @@ final class PhabricatorSetup {
|
||||||
|
|
||||||
self::writeHeader("CORE CONFIGURATION");
|
self::writeHeader("CORE CONFIGURATION");
|
||||||
|
|
||||||
// NOTE: Test this first since other tests depend on the ability to
|
|
||||||
// execute system commands and will fail if safe_mode is enabled.
|
|
||||||
$safe_mode = ini_get('safe_mode');
|
|
||||||
if ($safe_mode) {
|
|
||||||
self::writeFailure();
|
|
||||||
self::write(
|
|
||||||
"Setup failure! You have 'safe_mode' enabled. Phabricator will not ".
|
|
||||||
"run in safe mode, and it has been deprecated in PHP 5.3 and removed ".
|
|
||||||
"in PHP 5.4.\n");
|
|
||||||
return;
|
|
||||||
} else {
|
|
||||||
self::write(" okay PHP's deprecated 'safe_mode' is disabled.\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
// NOTE: Also test this early since we can't include files from other
|
|
||||||
// libraries if this is set strictly.
|
|
||||||
|
|
||||||
$open_basedir = ini_get('open_basedir');
|
|
||||||
if ($open_basedir) {
|
|
||||||
|
|
||||||
// 'open_basedir' restricts which files we're allowed to access with
|
|
||||||
// file operations. This might be okay -- we don't need to write to
|
|
||||||
// arbitrary places in the filesystem -- but we need to access certain
|
|
||||||
// resources. This setting is unlikely to be providing any real measure
|
|
||||||
// of security so warn even if things look OK.
|
|
||||||
|
|
||||||
try {
|
|
||||||
$open_libphutil = class_exists('Future');
|
|
||||||
} catch (Exception $ex) {
|
|
||||||
$message = $ex->getMessage();
|
|
||||||
self::write("Unable to load modules from libphutil: {$message}\n");
|
|
||||||
$open_libphutil = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
$open_arcanist = class_exists('ArcanistDiffParser');
|
|
||||||
} catch (Exception $ex) {
|
|
||||||
$message = $ex->getMessage();
|
|
||||||
self::write("Unable to load modules from Arcanist: {$message}\n");
|
|
||||||
$open_arcanist = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$open_urandom = false;
|
|
||||||
try {
|
|
||||||
Filesystem::readRandomBytes(1);
|
|
||||||
$open_urandom = true;
|
|
||||||
} catch (FilesystemException $ex) {
|
|
||||||
self::write($ex->getMessage()."\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
$tmp = new TempFile();
|
|
||||||
file_put_contents($tmp, '.');
|
|
||||||
$open_tmp = @fopen((string)$tmp, 'r');
|
|
||||||
} catch (Exception $ex) {
|
|
||||||
$message = $ex->getMessage();
|
|
||||||
$dir = sys_get_temp_dir();
|
|
||||||
self::write("Unable to open temp files from '{$dir}': {$message}\n");
|
|
||||||
$open_tmp = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$open_urandom || !$open_tmp || !$open_libphutil || !$open_arcanist) {
|
|
||||||
self::writeFailure();
|
|
||||||
self::write(
|
|
||||||
"Setup failure! Your server is configured with 'open_basedir' in ".
|
|
||||||
"php.ini which prevents Phabricator from opening files it needs to ".
|
|
||||||
"access. Either make the setting more permissive or remove it. It ".
|
|
||||||
"is unlikely you derive significant security benefits from having ".
|
|
||||||
"this configured; files outside this directory can still be ".
|
|
||||||
"accessed through system command execution.");
|
|
||||||
return;
|
|
||||||
} else {
|
|
||||||
self::write(
|
|
||||||
"[WARN] You have an 'open_basedir' configured in your php.ini. ".
|
|
||||||
"Although the setting seems permissive enough that Phabricator ".
|
|
||||||
"will run properly, you may run into problems because of it. It is ".
|
|
||||||
"unlikely you gain much real security benefit from having it ".
|
|
||||||
"configured, because the application can still access files outside ".
|
|
||||||
"the 'open_basedir' by running system commands.\n");
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
self::write(" okay 'open_basedir' is not set.\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!PhabricatorEnv::getEnvConfig('security.alternate-file-domain')) {
|
if (!PhabricatorEnv::getEnvConfig('security.alternate-file-domain')) {
|
||||||
self::write(
|
self::write(
|
||||||
"[WARN] You have not configured 'security.alternate-file-domain'. ".
|
"[WARN] You have not configured 'security.alternate-file-domain'. ".
|
||||||
|
|
Loading…
Reference in a new issue