PHP ImagickException error in CloudLinux: not authorized

0
8120

PHP ImagickException error in CloudLinux not authorized

 

Hello there 🙂

 

Today i have faced a new and very strange problem with PHP ImagickException error in CloudLinux not authorized that we (CloudLinux also big thanks to Igor Ghertesco) manage to fix it.

My system was very simple that uses CloudLinux 7.2 technology including PHP selector and Plesk 12.5 system on Cenots 7.2.

imagemagick-logo


The beginning 🙂

Our client (domain name : http://domain.name/) uses Imagick and have errors in error_log :

[Sun Jul 10 16:25:29.715038 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client 00.00.00.00:56798] mod_fcgid: stderr: PHP Fatal error: Uncaught exception 'ImagickException' with message 'not authorized `/tmp/magick-356589qHphZgHgOyAg' @ error/constitute.c/ReadImage/412' in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php:78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715064 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client 00.00.00.00:56798] mod_fcgid: stderr: Stack trace:, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715079 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client 00.00.00.00:56798] mod_fcgid: stderr: #0 /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php(78): Imagick->readimageblob('<?xml version="...'), referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715083 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client 00.00.00.00:56798] mod_fcgid: stderr: #1 {main}, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:29.715087 2016] [fcgid:warn] [pid 353566:tid 139677738710784] [client 00.00.00.00:56798] mod_fcgid: stderr: thrown in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php on line 78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706958 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client 00.00.00.00:56794] mod_fcgid: stderr: PHP Fatal error: Uncaught exception 'ImagickException' with message 'not authorized `/tmp/magick-3570632DJqOV29q7Fs' @ error/constitute.c/ReadImage/412' in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php:78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706985 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client 00.00.00.00:56794] mod_fcgid: stderr: Stack trace:, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706989 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client 00.00.00.00:56794] mod_fcgid: stderr: #0 /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php(78): Imagick->readimageblob('<?xml version="...'), referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706993 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client 00.00.00.00:56794] mod_fcgid: stderr: #1 {main}, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7
[Sun Jul 10 16:25:30.706997 2016] [fcgid:warn] [pid 353594:tid 139677730318080] [client 00.00.00.00:56794] mod_fcgid: stderr: thrown in /var/www/vhosts/domain.name/httpdocs/controllers/createPreviewImg.php on line 78, referer: http://domain.name/view/lj2yyyp27j?product=13at7ltk9s&color=7&colorPrint=0_7

After reviewing this error and after we sew this line we check tmp on our server and it was ok with permissions and the owner based on your infrastructure.

'ImagickException' with message 'not authorized `/tmp/magick-356589qHphZgHgOyAg'

TMP directory on the server (/tmp):

drwxrwxrwt. 14 root root 36864 Jul 10 16:45 tmp

One of the clues

One of the solutions was  described in this thread: http://stackoverflow.com/questions/37599727/php-imagickexception-not-authorized

But this solution didn’t helped us on CloudLinux system with PHP selector.

 

Solutions: 1 (described here)

nano /etc/ImageMagick/policy.xml

Comment this line:

<policy domain="coder" rights="none" pattern="MVG" />
service httpd restart

 

Solutions: 2 (worked on my CloudLinux)

nano /opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml

Comment this line:

<policy domain="coder" rights="none" pattern="MVG" />
service httpd restart

 

Remarks

P.S. Do not forget to clear cookies and cache after doing solutions 1 or solutions 2.

P.S.2. Make sure you have up to data patch regarding Imagick from CloudLinux servers .

ImageMagick-exploit-hack

A critical vulnerability was found in ImageMagick which allows remote code to be executed during the conversion of several file formats. ImageMagick Filtering Vulnerability – CVE-2016-3714 pateched .

https://cloudlinux.com/cloudlinux-os-blog/entry/imagemagic-for-cl-6-and-alt-imagemagic-updated

 

Good luck !