
Allow to do not forbid "open_basedir"
Open, Wishlist, Public

Description

What is open_basedir?

The open_basedir keyword adds an extra safety net to any PHP application.

It may be good for you.

https://www.php.net/manual/en/ini.core.php#ini.open-basedir

Why is it forbidden now?

At the moment Phabricator/Phorge detects open_basedir at runtime, refusing to run if it is detected, with a fatal error in the preflight setup check. Probably this limitation was set in an attempt to reduce spam (e.g. bugs from people using it on weird shared hosting).

Moreover there are also some strange behaviors by Phabricator/Phorge like trying to continuously read the filesystem root (/). These filesystem access attempts are partially involved in this Task and should be avoided to avoid freaking out the systems engineer, as well as not allowing good integration with open_basedir.

Example Phabricator/Phorge RuntimeException:

realpath(): open_basedir restriction in effect. File (/) is not within the allowed path(s): (/var/www/phabricator:/usr:/bin:/tmp:/sbin)

How to not forbid it?

In short, open_basedir is a more than legitimate directive if one knows what he or she is doing.

A legitimate example value may include:

/var/www/your/phorge/httpdocs:/usr:/bin:/tmp:/sbin

Before being able to use it, here are some things that can be done:

  • Add a system option (e.g. forbid-openbasedir) with domain true|false (true as default) with description: "If you want to add additional security with the PHP configuration "open_basedir" you need to set this configuration to false to skip setup checks but you need to know what you're doing."
  • Update the TODO in ./src/applications/config/check/PhabricatorPHPPreflightSetupCheck.php that says to introduce a system option, and read the above system option to eventually skip that fatal error.
  • Figure out why Phabricator continually tries to read / and avoid it if possible
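
As an added illustration (not code from Phorge or from this task's author), the PHP below checks which paths fall outside a given open_basedir value, using the value quoted in the exception above. The function names and the list of needed paths are hypothetical; matching is done per directory as a conservative simplification, and symlinks are not resolved.

```php
<?php
// Added example, not Phorge code: report which paths an application needs
// would be rejected by a given open_basedir value.

/**
 * Split an open_basedir value into normalized directory entries.
 * $sep defaults to the platform separator (":" on Unix, ";" on Windows).
 */
function parse_open_basedir(string $value, string $sep = PATH_SEPARATOR): array {
  $entries = array();
  foreach (explode($sep, $value) as $entry) {
    $entry = trim($entry);
    if ($entry !== '') {
      // Treat "/usr/" and "/usr" alike; keep the root "/" unchanged.
      $entries[] = ($entry === '/') ? '/' : rtrim($entry, '/');
    }
  }
  return $entries;
}

/**
 * Conservative check (assumption): a path is allowed only if it equals an
 * entry or lies beneath it. Symlinks are not resolved.
 */
function is_path_allowed(string $path, array $entries): bool {
  $path = ($path === '/') ? '/' : rtrim($path, '/');
  foreach ($entries as $entry) {
    if ($entry === '/' || $path === $entry
        || strpos($path, $entry . '/') === 0) {
      return true;
    }
  }
  return false;
}

// open_basedir value taken from the exception quoted in this task.
$open_basedir = '/var/www/phabricator:/usr:/bin:/tmp:/sbin';
// Constructed list of paths; "/" is the one named in the exception.
$needed = array('/var/www/phabricator/conf', '/tmp', '/usr/bin/git',
                '/', '/var/repo');

$entries = parse_open_basedir($open_basedir, ':');
foreach ($needed as $path) {
  $state = is_path_allowed($path, $entries) ? 'allowed' : 'BLOCKED';
  printf("%-28s %s\n", $path, $state);
}
```

Running this kind of check against the real list of directories an install uses shows in advance which entries a proposed open_basedir value still needs, and why a realpath() call on / cannot succeed under the value above.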

Event Timeline

valerio.bozzolan updated the task description.

Here is the commit that introduced this

rP105be01d5f74f4fdff39801bd7551b758c350eef

Here is the task at Phacility

https://secure.phabricator.com/T11627

I feel like in the current world where we can deploy nodes for $5/Month and we can create contained environments in Docker... This shouldn't be an issue? (i.e. We should leave this restriction in place and not revert it)

valerio.bozzolan lowered the priority of this task from Low to Wishlist. Mar 23 2023, 12:59

I don't see a reason to open it. If you know what you're doing and want to enable this feature, you can just change the code locally.

valerio.bozzolan renamed this task from Do not forbid "open_basedir" to Allow to do not forbid "open_basedir". Edited May 9 2023, 10:48

The title maybe should be "Allow not to diverge too much only to allow hardening with open_basedir"