From 7c8a3e426e61072dac54bc8584f22f1ee37b8b00 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 1 Mar 2024 17:44:14 +0100
Subject: [PATCH] Fix GH-11808: Live filesystem modified by tests (security)

There's a test that tries to make /etc world-writable, and asserts that
it fails. Although this test is guarded by a root user check, there are
situations where you don't need to be root to be able to do this.
This may thus have unwanted effects on your live filesystem.

The simple solution is to remove that part of the test. It doesn't
really add value anyway: we're trying to test the chmod error path, but
that exact same error path can be reached with any failure condition
that the kernel gives. For example, trying to chmod a non-existent file
will trigger the same code path.

While at it, also prefix the test path for the non-existent file such
that we don't accidentally modify the filesystem.

The chroot now has a better root-user check, that will not modify the
filesystem.

Other root-modifying mkdir tests were removed because they added no
value either.

Closes GH-13566.
---
 NEWS                                    |  3 +++
 ext/standard/tests/file/006_error.phpt  | 25 +++----------------
 ext/standard/tests/file/chroot_001.phpt | 18 ++++++++++----
 ext/standard/tests/file/mkdir-004.phpt  | 32 +++++++++++--------------
 ext/standard/tests/file/mkdir-005.phpt  | 25 -------------------
 ext/standard/tests/file/mkdir-006.phpt  | 20 ----------------
 6 files changed, 33 insertions(+), 90 deletions(-)
 delete mode 100644 ext/standard/tests/file/mkdir-005.phpt
 delete mode 100644 ext/standard/tests/file/mkdir-006.phpt

diff --git a/NEWS b/NEWS
index 503c841e655..3f6a05ade1c 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
     in PHP 8.2.15). (nielsdos)
 
+- Standard:
+  . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
+
 - XML:
   . Fixed bug GH-13517 (Multiple test failures when building with
     --with-expat). (nielsdos)
diff --git a/ext/standard/tests/file/006_error.phpt b/ext/standard/tests/file/006_error.phpt
index 98caa4d1e11..26c977b9ea5 100644
--- a/ext/standard/tests/file/006_error.phpt
+++ b/ext/standard/tests/file/006_error.phpt
@@ -11,20 +11,9 @@ require __DIR__ . '/../skipif_root.inc';
 <?php
 echo "*** Testing error conditions for fileperms(), chmod() ***\n";
 
-/* With standard files and dirs */
-var_dump( chmod("/etc/passwd", 0777) );
-printf("%o", fileperms("/etc/passwd") );
-echo "\n";
-clearstatcache();
-
-var_dump( chmod("/etc", 0777) );
-printf("%o", fileperms("/etc") );
-echo "\n";
-clearstatcache();
-
 /* With non-existing file or dir */
-var_dump( chmod("/no/such/file/dir", 0777) );
-var_dump( fileperms("/no/such/file/dir") );
+var_dump( chmod(__DIR__ . "/no/such/file/dir", 0777) );
+var_dump( fileperms(__DIR__ . "/no/such/file/dir") );
 echo "\n";
 
 echo "\n*** Done ***\n";
@@ -34,16 +23,8 @@ echo "\n*** Done ***\n";
 
 Warning: chmod(): %s in %s on line %d
 bool(false)
-100%d44
 
-Warning: chmod(): %s in %s on line %d
-bool(false)
-40755
-
-Warning: chmod(): No such file or directory in %s on line %d
-bool(false)
-
-Warning: fileperms(): stat failed for /no/such/file/dir in %s on line %d
+Warning: fileperms(): stat failed for %s/no/such/file/dir in %s on line %d
 bool(false)
 
 
diff --git a/ext/standard/tests/file/chroot_001.phpt b/ext/standard/tests/file/chroot_001.phpt
index a8bca2e04bd..79192e98fc9 100644
--- a/ext/standard/tests/file/chroot_001.phpt
+++ b/ext/standard/tests/file/chroot_001.phpt
@@ -2,14 +2,22 @@
 chroot()
 --SKIPIF--
 <?php
-chdir("/");
-if (!@mkdir("testtmpskipifdir")) {
-    die("skip for root only");
-}
-rmdir("testtmpskipifdir");
 if (!function_exists("chroot")) {
     die("skip chroot() not available");
 }
+// Skip if not being run by root (files are always readable, writeable and executable)
+$filename = @tempnam(__DIR__, 'root_check_');
+if (!file_exists($filename)) {
+    die('WARN Unable to create the "root check" file');
+}
+
+$isRoot = fileowner($filename) == 0;
+
+unlink($filename);
+
+if (!$isRoot) {
+    die('SKIP Must be run as root');
+}
 ?>
 --FILE--
 <?php
diff --git a/ext/standard/tests/file/mkdir-004.phpt b/ext/standard/tests/file/mkdir-004.phpt
index 7de0e45894d..1974faa0b60 100644
--- a/ext/standard/tests/file/mkdir-004.phpt
+++ b/ext/standard/tests/file/mkdir-004.phpt
@@ -1,24 +1,20 @@
 --TEST--
-recursive mkdir() tests
---SKIPIF--
-<?php
-chdir("/");
-if (!@mkdir("testtmpskipifdir")) {
-    die("skip for root only");
-}
-rmdir("testtmpskipifdir");
-?>
+recursive mkdir() with unclean paths
 --FILE--
 <?php
+chdir(__DIR__);
+$dirpath = "./tmp/foo//bar/logs";
+mkdir($dirpath, 0777, true);
 
-var_dump(mkdir("/testdir/subdir", 0777, true));
-var_dump(rmdir("/testdir/subdir"));
-var_dump(rmdir("/testdir"));
-
-echo "Done\n";
+if (is_dir($dirpath)) {
+    echo "Ok.\n";
+} else {
+    echo "Failed.\n";
+}
+rmdir("./tmp/foo/bar/logs");
+rmdir("./tmp/foo/bar/");
+rmdir("./tmp/foo/");
+rmdir("./tmp/");
 ?>
 --EXPECT--
-bool(true)
-bool(true)
-bool(true)
-Done
+Ok.
diff --git a/ext/standard/tests/file/mkdir-005.phpt b/ext/standard/tests/file/mkdir-005.phpt
deleted file mode 100644
index 383f8b18e05..00000000000
--- a/ext/standard/tests/file/mkdir-005.phpt
+++ /dev/null
@@ -1,25 +0,0 @@
---TEST--
-recursive mkdir() tests
---SKIPIF--
-<?php
-chdir("/");
-if (!@mkdir("testtmpskipifdir")) {
-    die("skip for root only");
-}
-rmdir("testtmpskipifdir");
-?>
---FILE--
-<?php
-
-chdir("/");
-var_dump(mkdir("./testdir/subdir", 0777, true));
-var_dump(rmdir("./testdir/subdir"));
-var_dump(rmdir("./testdir"));
-
-echo "Done\n";
-?>
---EXPECT--
-bool(true)
-bool(true)
-bool(true)
-Done
diff --git a/ext/standard/tests/file/mkdir-006.phpt b/ext/standard/tests/file/mkdir-006.phpt
deleted file mode 100644
index 1974faa0b60..00000000000
--- a/ext/standard/tests/file/mkdir-006.phpt
+++ /dev/null
@@ -1,20 +0,0 @@
---TEST--
-recursive mkdir() with unclean paths
---FILE--
-<?php
-chdir(__DIR__);
-$dirpath = "./tmp/foo//bar/logs";
-mkdir($dirpath, 0777, true);
-
-if (is_dir($dirpath)) {
-    echo "Ok.\n";
-} else {
-    echo "Failed.\n";
-}
-rmdir("./tmp/foo/bar/logs");
-rmdir("./tmp/foo/bar/");
-rmdir("./tmp/foo/");
-rmdir("./tmp/");
-?>
---EXPECT--
-Ok.