Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Progress [CPANEL-26292] Set open_basedir and disable_functions to NULL for PECL

Discussion in 'EasyApache' started by lukapaunovic, Mar 8, 2019.

  1. lukapaunovic

    lukapaunovic Well-Known Member

    Joined:
    Jul 29, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Užice, Serbia
    cPanel Access Level:
    Root Administrator
    Hi cPanel mods, please open case regarding this.

    The current content of

    /opt/cpanel/ea-phpXX/root/usr/bin/pecl

    looks similar to this (varies per PHP version):

    Code:
    #!/bin/sh
    
    exec /opt/cpanel/ea-phpXX/root/usr/bin/php -C \
        -d include_path=/usr/share/pear \
        -d date.timezone=UTC \
        -d output_buffering=1 \
        -d variables_order=EGPCS \
        -d safe_mode=0 \
        -d register_argc_argv="On" \
        /opt/cpanel/ea-phpXX/root/usr/share/pear/peclcmd.php "[email protected]"
                                                                   

    As you see we already have safe_mode disabled if enabled, we need this for open_basedir and disable_functions too, otherwise, pecl won't work.
    I modified the script, as can be seen bellow, I set open_basedir and disable_functions to NULL and my pecl works again. I believe this should be default as there are many people who define those two variables on their servers in order to protect their server

    Code:
    #!/bin/sh
    
    exec /opt/cpanel/ea-phpXX/root/usr/bin/php -C \
        -d include_path=/usr/share/pear \
        -d date.timezone=UTC \
        -d output_buffering=1 \
        -d variables_order=EGPCS \
        -d safe_mode=0 \
        -d register_argc_argv="On" \
        -d open_basedir=NULL \
        -d disable_functions=NULL \
        /opt/cpanel/ea-phpXX/root/usr/share/pear/peclcmd.php "[email protected]"
                                                                  
    I spent some time figuring out why pecl is not working and it was because of my strict open_basedir and disable_functions values.

    This needs to be implemented ASAP.
    Thank you
     
    #1 lukapaunovic, Mar 8, 2019
    Last edited: Mar 9, 2019
  2. lukapaunovic

    lukapaunovic Well-Known Member

    Joined:
    Jul 29, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Užice, Serbia
    cPanel Access Level:
    Root Administrator
    ello @vacancy, this is unrelated to this post.
    I'm talking here about Module Installer -> PHP Pecl installer or when you manually run pecl for specific PHP version like:

    Code:
    /opt/cpanel/ea-phpXX/root/usr/bin/pecl install imagick
    If you have defined open_basedir to e.g.:

    Code:
    open_basedir = "/home:/tmp:/var/cpanel/php/sessions/ea-php72"
    Like many admins do, pecl can't access /opt/cpanel/ea-php72 folder, and I doubt any of the sysadmins are aware to put /opt/cpanel/ea-php72 to allowed paths in basedir.

    Which will make pecl not work, also if you have defined disable functions popen/proc_open pecl won't also work.
    That's why setting these to NULL when running pecl is necessary.

    @cPanelMichael please open case for this. Thanks.
     
    #3 lukapaunovic, Mar 9, 2019
    Last edited: Mar 9, 2019
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,534
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @lukapaunovic,

    Can you open a support ticket so we can take a closer look and reproduce the issue on an affected system? You can post the ticket number here and we'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. lukapaunovic

    lukapaunovic Well-Known Member

    Joined:
    Jul 29, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Užice, Serbia
    cPanel Access Level:
    Root Administrator
    No, I just came here to report the issue.

    Here is how to reproduce:

    Open MultiPHP Ini editor for some PHP version in WHM, let's say 7.0

    set disable_functions variable to
    Code:
    disable_functions = "pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,show_source,system,passthru,shell_exec,proc_open,popen,phpinfo"
    Set open_basedir variable to

    Code:
    open_basedir = "/home:/tmp:/var/cpanel/php/sessions/ea-php70"
    Now, try installing something via PECL for the version 7.0
    You'll see the errors about open_basedir restriction (pecl unable to access /opt/cpanel/ea-php72), and afterward, the problems will arise because of popen disabled.

    That's why it's required each of the /opt/cpanel/ea-phpXX/root/usr/bin/pecl
    has these variables set to null so they don't interfere with PECL!

    I hope i explained this, I can't do it better.
    A regular user won't know how to troubleshoot this issue, and this will prevent many support requests being opened regarding this.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,534
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @lukapaunovic,

    I've reported this as part of internal case CPANEL-26292. I'll update this thread with more information on the status of this case as it becomes available.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    lukapaunovic likes this.
  6. lukapaunovic

    lukapaunovic Well-Known Member

    Joined:
    Jul 29, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Užice, Serbia
    cPanel Access Level:
    Root Administrator
    Come one @cPanelMichael fix this already :(
    It's just two lines to override basdir and disable functions when pecl is running!
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,534
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @lukapaunovic,

    This case is an improvement request so updates to the case status may not occur as quickly as a typical defect report. I'll continue to monitor the case and update this thread with new information as it becomes available.

    In the meantime, the temporary workaround is to set the open_basedir and disable_functions lines to NULL in the corresponding /opt/cpanel/ea-php$$/root/usr/bin/pecl files:

    Code:
    -d disable_functions=NULL \
    -d open_basedir=NULL \
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice