Warning: getmypid has been disabled Warning: getmypid has been disabled
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Warning: getmypid has been disabled

Started by turtleboy, June 12, 2004, 01:22:38 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

turtleboy

When I try to upload files I gt the following errors returbed:
In the header:
---------------------------------------
Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 1182
---------------------------------------

In the body
---------------------------------------
Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 497

Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 497

Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 497
---------------------------------------

The File is still uploaded though, and when I got tot the next page (naming and putting  description),
it returns this error in the header:
---------------------------------------
Warning: getmypid, getmyuid, getmygid, getopt, getrusage, assert_options, assert, dl, mysql_pconnect, shell_exec, phpinfo() has been disabled for security reasons in /home/content/t/u/r/turtleboy212/html/foto/foto-gallery/upload.php on line 2387
---------------------------------------

The file upload and everything else is successful, I'm just thinking the program is trying to pull some information my server won't allow. Since my site is hosted by another company, I'm pretty sure I can't change anything server-side.. so is there anything I can edit in the upload.php safely to remove these ugly warnings?

hyperion

Your host has disabled getmypid, which is used to get the thread's process number from the server (as no two users can have the same process number at the same time).  This is combined with the time to create a unique identifying string for temporary files.

You can try substituting mt_rand(0, 32000) for getmypid.

The relevant code on 497 and 1182 will look like this:


        $unique_ID = substr(md5(microtime().getmypid()), 0, 8);


Change it to:


        $unique_ID = substr(md5(microtime().mt_rand(0, 32000)), 0, 8);


If you are using less than PHP 4.2, you will need to make it look like this:


        mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
        $unique_ID = substr(md5(microtime().mt_rand(0, 32000)), 0, 8);


Please report if this is helpful to you. 
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull

(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fwww.mozilla.org%2Fproducts%2Ffirefox%2Fbuttons%2Fgetfirefox_small.png&hash=9f6d645801cbc882a52f0ee76cfeda02625fc537)

turtleboy

Ok I replaced the code on lines 497, 1182, and 2387 with what you suggested. And everything works fine now.

You might want to add that on lines 1182 and 2387 the code starts with '$seed' instead of '$unique_id'

Thanks for the help.

Joachim Müller

@Hyperion and devs: since many webhosts react on script kiddy attacks against PHP weaknesses with "hardened" policies we might encounter such issues more frequently in the future, so I suggest we might want to consider adding checking routines wether getmypid() has been disabled and use random numbers instead as a fall back.

GauGau

Pim

Hi Guys,

I have the same problems, but I am not a whizz kid, so I do not understand a thing in the offered solution. Is there a way to solve this?

Error message:

Warning: getmypid, dl, leak, chgrp() has been disabled for security reasons in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 1186


Warning: getmypid, dl, leak, chgrp() has been disabled for security reasons in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 501


Thanks very much!

Pim.



Nibbler

You need to download the copy of upload.php from your server, and use a simple text editor eg notepad to find and change


        $unique_ID = substr(md5(microtime().getmypid()), 0, 8);


to


        $unique_ID = substr(md5(microtime().mt_rand(0, 32000)), 0, 8);


then upload the changed file to your server, overwriting the old one.

Pim

Hmm I did this (easy - even for me!!), but it gave me more problems:

Warning: is_dir(): Stat failed for ./albums/edit/. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 432

Warning: filemtime(): Stat failed for ./albums/edit/. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 440

Warning: unlink(./albums/edit/.): Permission denied in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 453

Warning: is_dir(): Stat failed for ./albums/edit/.. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 432

Warning: filemtime(): Stat failed for ./albums/edit/.. (errno=13 - Permission denied) in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 440

Warning: unlink(./albums/edit/..): Permission denied in /data/members/paid/t/o/tocn.info/htdocs/album/upload.php on line 453


This appears when I go to Upload File.

Nibbler

That is an unrelated problem, please search the board.

dragonfire

i've got one anoying error...
i had 3 errors, i searched the forum, lost 2 errors, now i'm stuck with 1 annoying error


Warning: getmypid, dl, leak, listen, chown, chmod, chgrp, realpath, tmpfile, link, mb_send_mail() has been disabled for security reasons in /data/members/free/tripod/nl/l/a/u/laurenz/htdocs/upload.php on line 1183

i've searched everywhere...
i used this bit it didn't work for me...

if you say that i have to search the forum, i already did, so help me with searching plz then...

i beg you guys, i hope i can trust you people :)

Casper

Merged with the thread you quoted, although it did not work for you.
Please post problems on the correct board.
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

dragonfire

Quote from: Casper on September 30, 2004, 05:19:45 PM
Merged with the thread you quoted, although it did not work for you.
Please post problems on the correct board.
yeah yeah, plz, just give me one answer!!!

Casper

If I had the answer I would have posted it.  But being frustrated is no excuse for being rude, or not posting in the correct place, where you are most likely to get the help you need in the first place. >:(
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

dragonfire

Quote from: Casper on September 30, 2004, 05:49:47 PM
If I had the answer I would have posted it. But being frustrated is no excuse for being rude, or not posting in the correct place, where you are most likely to get the help you need in the first place. >:(
ok, srry that i was so mean, but i had hurry :(
i had to go to my guitar lesson...
sorry...i mean this...

but can you help me plz then?

Tranz

The problem was due to Tripod's settings. Try this:
http://forum.coppermine-gallery.net/index.php?topic=7289.0

If you still have problems, search the board for Tripod and you'll see the various issues with using Tripod.

dragonfire

Quote from: TranzNDance on September 30, 2004, 06:26:04 PM
The problem was due to Tripod's settings. Try this:
http://forum.coppermine-gallery.net/index.php?topic=7289.0

If you still have problems, search the board for Tripod and you'll see the various issues with using Tripod.
it won't work...i find to times that sort of text...do i have to change both?
can't you post an working version?
or is it the problem that i use version 1.3.0 and not 1.3.2???

help me!!!

Tranz

Quote from: dragonfire on September 30, 2004, 08:20:32 PM
or is it the problem that i use version 1.3.0 and not 1.3.2???
It might help to use the latest version.

Nibbler

dragonfire: simply change the code in all occurences as described in upload.php and image_processor.php

substr(md5(microtime().getmypid()), 0, 8);
becomes
substr(md5(uniqid("")), 0, 8);


[note: applied to dev branch.]

laubert

Hi,

I also found the line :
$seed = substr(md5(microtime().getmypid()), 0, 8);
three times in upload.php.

Can I change the three :
substr(md5(microtime().getmypid()), 0, 8)
by
substr(md5(microtime().mt_rand(0, 32000)), 0, 8)

?



Oops, of course there are no smilies but number eight in the file
Thank you. :D

Nibbler

Yes, you can use any method you like to get a random string.