authorJoe Watkins <krakjoe@php.net>2017-01-06 06:02:36 +0000
committerJoe Watkins <krakjoe@php.net>2017-01-06 06:05:17 +0000
commitb0ff9ee6886f852c458bd877414a9b51e2acb0e9 (patch)
tree050d0d96de92056a9bb354355d570d965769860f
parent6a03b43e5f152752f7e6b437bc49641ca3c6ce23 (diff)
parent650e073f7a88350002436baabe778957388d1411 (diff)
downloadphp-git-b0ff9ee6886f852c458bd877414a9b51e2acb0e9.tar.gz
Merge branch 'pull-request/1360' into PHP-7.0
* pull-request/1360: Fixed bug #69582 session not readable by root in CLI news entry for PR #1360
-rw-r--r--NEWS3
-rw-r--r--ext/session/mod_files.c10
2 files changed, 11 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index a11d4b2cb8..50c7c29afe 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ PHP NEWS
- ZIP:
. Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option). (cmb)
+- Session:
+ . Fixed bug #69582 (session not readable by root in CLI). (EvgeniySpinov)
+
19 Jan 2017 PHP 7.0.15
- Core:
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 1db43500b1..5917acec62 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -196,8 +196,14 @@ static void ps_files_open(ps_files *data, const char *key)
if (data->fd != -1) {
#ifndef PHP_WIN32
/* check that this session file was created by us or root – we
- don't want to end up accepting the sessions of another webapp */
- if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
+ don't want to end up accepting the sessions of another webapp
+
+ If the process is ran by root, we ignore session file ownership
+ Use case: session is initiated by Apache under non-root and then
+ accessed by backend with root permissions to execute some system tasks.
+
+ */
+ if (zend_fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid() && getuid() != 0)) {
close(data->fd);
data->fd = -1;
php_error_docref(NULL, E_WARNING, "Session data file is not created by your uid");
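Review bot: The added `getuid() != 0` operand makes a root process accept a session file owned by any uid, so if session.save_path is shared with other local users, a file any of them created under a chosen session id is now opened (and presumably read later in this module) by root; the new comment only gives the Apache-to-backend use case and should state that trade-off explicitly, e.g. `/* real uid 0 skips the owner check: any uid's file in save_path is then trusted */`. The bypass keys on the real uid only, so a process whose effective uid is 0 but real uid is not still gets the ownership check — worth saying in the comment if that is intended. Also `If the process is ran by root` should read `If the process is run by root`, and the stray blank lines inside the comment block could be dropped. ps_files_open continues outside the hunk.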