PHP :: Request #65285 :: socket_sendmsg() - accept numeric file descriptors

Request #65285	socket_sendmsg() - accept numeric file descriptors
Submitted:	2013-07-18 08:21 UTC	Modified:	2013-07-20 19:47 UTC
From:	bugs dot php dot net at ss dot chernousov dot net	Assigned:
Status:	Wont fix	Package:	Sockets related
PHP Version:	5.5Git-2013-07-18 (Git)	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

[2013-07-18 08:21 UTC] bugs dot php dot net at ss dot chernousov dot net

Description:
------------
It would be pretty useful if socket_sendmsg() could work not only with sockets, 
but also with numeric file descriptors.

Patches

conversions-socket_sendmsg.patch (last revision 2013-07-18 08:21 UTC by bugs dot php dot net at ss dot chernousov dot net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-07-18 22:39 UTC] cataphract@php.net

-Status: Open +Status: Wont fix

[2013-07-18 22:39 UTC] cataphract@php.net

Unfortunately, this kind of functionality has been strictly limited in the past 
(php://fd has been limited to the cli sapi) under the rationale that it would 
allow PHP to manipulate Apache's file descriptors (when running as module) or 
whatever other file descriptors such as logs' or the the client connection 
socket's.

I find the argument that this is a vulnerability unpersuasive, but that's the 
conclusion that prevailed.

Won't fix.

[2013-07-18 23:01 UTC] bugs dot php dot net at ss dot chernousov dot net

I see your point, quite reasonable.
But isn't it possible to limit it to cli sapi only, like php://fd?

[2013-07-20 17:55 UTC] cataphract@php.net

I don't see much point in it. In cli you can just open the file descriptor with 
php://fd and then pass it to socket_sendmsg().

[2013-07-20 19:47 UTC] bugs dot php dot net at ss dot chernousov dot net

Well, when you're dealing a lot with libevent, libev, libeio and other "low-level" 
stuff, there's no point to convert $fd from integer to zval using 
fopen('php://fd/...') and then back within socket_sendmsg() each time, it's just 
useless waste of time. For example, when a script accepts new connections with 
pecl_event, it gets $fd as an integer in callback, and then it has to forward 
those $fd's to other processes using sendmsg.
So in general it's a matter of performance and optimization, especially in pretty 
loaded environments.
The suggested patch is extremely simple, the only thing it lacks is limiting to 
cli sapi only.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 11:01:30 2024 UTC