Page MenuHomePhabricator
Create Task
Maniphest T78159

Fix superfluous Warning: is_executable(): open_basedir restriction in effect in /includes/GlobalFunctions.php on line 2809
Closed, DeclinedPublic
Actions

Description

In MediaWiki 1.24 this error occurs at several places (e.g. after uploading an image, but also at a number of other occasions):

Warning: is_executable(): open_basedir restriction in effect. File(/bin/bash) is not within the allowed path(s): (list of the paths...) in /includes/GlobalFunctions.php on line 2809

The code is this:

function wfShellExec( $cmd, &$retval = null, $environ = array(),
	...
	if ( is_executable( '/bin/bash' ) ) {
		...

/bin/bash in fact is not in the allowed paths. However, wfShellExec() will work anyway! If the bash is not usable (like in my case), it is working as well (e.g. images are uploaded correctly, thumbnails are created correctly and so on). In this case - apart from the warning - the function is working as well. All this is_executable()-line in its current form is there for seems to be to create this warning...

I see two possible solutions:

  • Change this check to something else, which does not throw a warning.
  • Or (if that is not possible) at least suppress the error with something like @is_executable().

I prefer the first one, but I do not have the code for that right now. If necessary I can also live with the second one.

Event Timeline

Joergi123 created this task.Dec 10 2014, 4:36 PM
Joergi123 raised the priority of this task from to Needs Triage.
Joergi123 updated the task description. (Show Details)
Joergi123 added a project: MediaWiki-Core-Team.
Joergi123 changed Security from none to None.
Joergi123 subscribed.
demon edited projects, added MediaWiki-General; removed MediaWiki-Core-Team.Dec 10 2014, 4:43 PM
Aklapper triaged this task as Low priority.Mar 21 2015, 10:03 PM
Scnd awarded a token.Feb 21 2016, 3:21 PM
Scnd subscribed.
Scnd added a comment.Feb 21 2016, 4:54 PM

Yeah, the only solution is to edit apache config by adding php_admin_value open_basedir "/home/user:/bin/bash" what's not possible for shared hosting.

Joergi123 added a comment.Feb 22 2016, 9:48 PM

In the meantime, I have adjusted my configuration, so that I am no longer hit by this problem.

However, the issue remains. What I am saying is: wfShellExec() works anyway, even if /bin/bash is not executable. The check for is_executable() at least in this form only throws a warning, but does nothing else.

Ckujau subscribed.Aug 10 2016, 6:24 AM

IMHO adding /bin/bash to open_basedir should not be recommended. This directive is often used to explicitly limit file system access for PHP. Allowing PHP to call a system shell doesn't sound like a good idea to me. (MW 1.26 here, the warning is logged 3 times for each picture upload, but no UI errors - only includes/limit.sh is never called, of course.)

Joergi123 unsubscribed.Sep 23 2020, 6:39 PM
Joergi123 closed this task as Declined.Oct 1 2020, 5:47 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits