|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2014-06-05 11:25 UTC] langemeijer@php.net
Description: ------------ PHP doesn't sanitize opened file descriptors opened by PHP itself before executing a program. This should be fixed by opening all sockets with SOCK_CLOEXEC and all run a fcntl(file, F_SETFD, FD_CLOEXEC); on all newly opened filedescriptors SOCK_CLOEXEC and FD_CLOEXEC cause exec() to close the descriptors in the fork()ed child process. Note that this is similar, but not identical to bug #38915, bug #15529 and bug #20302 which are about file descriptors and sockets opened by Apache. Note that my patch also sets SOCK_CLOEXEC on the fastcgi listening socket and other similar usages of sockets. The patch was generated on php-src master branch. I'm happy to do some more work on it if any of you feel this is required. PatchesSOCK_CLOEXEC-and-FD_CLOEXEC (last revision 2014-06-05 11:26 UTC by casper at langemeijer dot eu)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Wed Dec 04 08:01:29 2024 UTC |
This issue can cause you to be unable to restart PHP-FPM. Specifically, this leaks the webserver -> php-fpm socket to any process you execute. This prevents PHP-FPM from cleanly restarting until the process exits, because the socket will already be in use. Quick example: <?php $p = popen('/bin/bash -c "sleep 60"','w'); pclose($p); ?> Now find the child process (ps aux | grep sleep) and lsof -p XXX -n: sleep 13443 nobody 0r FIFO 0,8 0t0 10237775 pipe sleep 13443 nobody 1u CHR 1,3 0t0 3920 /dev/null sleep 13443 nobody 2u CHR 1,3 0t0 3920 /dev/null sleep 13443 nobody 4u IPv4 10236693 0t0 TCP 127.0.0.1:cslistener->127.0.0.1:53151 (ESTABLISHED) sleep 13443 nobody 9u REG 0,9 0 3918 [eventpoll] FD 4 there is the TCP connection from the PHP worker process to the web server.