[php-maint] Bug#682157: php-pear: use of /tmp is not mulituser safe

Laurent Martelli laurent at bearteam.org
Thu Jul 19 20:28:09 UTC 2012 

Package: php-pear
Version: 5.4.4-2
Severity: important

Dear Maintainer,

"pear download" leaves files in /tmp/pear/cache, so that if 2 users use it,
there are interferences because directories and files are only writable by the
user who first ran the command. Other users will then face failures with
unclear messages like this:

$ pear download HTML_Common2

Warning: lstat(): Lstat failed for
/tmp/pear/cache/3fbb9a4a8ce980205256b12627511dacrest.cacheid in PEAR/REST.php
on line 276
PHP Warning:  lstat(): Lstat failed for
/tmp/pear/cache/3fbb9a4a8ce980205256b12627511dacrest.cacheid in
/usr/share/php/PEAR/REST.php on line 276
PHP Stack trace:
PHP   1. {main}() /usr/share/php/pearcmd.php:0
PHP   2. PEAR_Command_Common->run() /usr/share/php/pearcmd.php:305
PHP   3. PEAR_Command_Remote->doDownload()
/usr/share/php/PEAR/Command/Common.php:271
PHP   4. PEAR_Downloader->download() /usr/share/php/PEAR/Command/Remote.php:607
PHP   5. PEAR_Downloader_Package->initialize()
/usr/share/php/PEAR/Downloader.php:279
PHP   6. PEAR_Downloader_Package->_fromString()
/usr/share/php/PEAR/Downloader/Package.php:190
PHP   7. PEAR_Downloader->_getPackageDownloadUrl()
/usr/share/php/PEAR/Downloader/Package.php:1713
PHP   8. PEAR_REST_13->getDownloadURL() /usr/share/php/PEAR/Downloader.php:850
PHP   9. PEAR_REST->retrieveData() /usr/share/php/PEAR/REST/13.php:68
PHP  10. PEAR_REST->saveCache() /usr/share/php/PEAR/REST.php:163
PHP  11. PEAR_REST->saveCacheFile() /usr/share/php/PEAR/REST.php:246
PHP  12. lstat() /usr/share/php/PEAR/REST.php:276
No releases available for package "pear.php.net/HTML_Common2"
download failed

A quick fix would be to default to a tmp dir located in the user's home
directory.



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php-pear depends on:
ii  php5-cli     5.4.4-2
ii  php5-common  5.4.4-2

Versions of packages php-pear recommends:
ii  gnupg  1.4.12-4+b1

Versions of packages php-pear suggests:
ii  php5-dev  5.4.4-2

-- no debconf information

More information about the pkg-php-maint mailing list