php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #65285 socket_sendmsg() - accept numeric file descriptors
Submitted: 2013-07-18 08:21 UTC Modified: 2013-07-20 19:47 UTC
From: bugs dot php dot net at ss dot chernousov dot net Assigned:
Status: Wont fix Package: Sockets related
PHP Version: 5.5Git-2013-07-18 (Git) OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2013-07-18 08:21 UTC] bugs dot php dot net at ss dot chernousov dot net 
Description:
------------
It would be pretty useful if socket_sendmsg() could work not only with sockets, 
but also with numeric file descriptors.

Patches

conversions-socket_sendmsg.patch (last revision 2013-07-18 08:21 UTC by bugs dot php dot net at ss dot chernousov dot net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-18 22:39 UTC] cataphract@php.net
-Status: Open +Status: Wont fix
 [2013-07-18 22:39 UTC] cataphract@php.net 
Unfortunately, this kind of functionality has been strictly limited in the past 
(php://fd has been limited to the cli sapi) under the rationale that it would 
allow PHP to manipulate Apache's file descriptors (when running as module) or 
whatever other file descriptors such as logs' or the the client connection 
socket's.

I find the argument that this is a vulnerability unpersuasive, but that's the 
conclusion that prevailed.

Won't fix.
 [2013-07-18 23:01 UTC] bugs dot php dot net at ss dot chernousov dot net 
I see your point, quite reasonable.
But isn't it possible to limit it to cli sapi only, like php://fd?
 [2013-07-20 17:55 UTC] cataphract@php.net 
I don't see much point in it. In cli you can just open the file descriptor with 
php://fd and then pass it to socket_sendmsg().
 [2013-07-20 19:47 UTC] bugs dot php dot net at ss dot chernousov dot net 
Well, when you're dealing a lot with libevent, libev, libeio and other "low-level" 
stuff, there's no point to convert $fd from integer to zval using 
fopen('php://fd/...') and then back within socket_sendmsg() each time, it's just 
useless waste of time. For example, when a script accepts new connections with 
pecl_event, it gets $fd as an integer in callback, and then it has to forward 
those $fd's to other processes using sendmsg.
So in general it's a matter of performance and optimization, especially in pretty 
loaded environments.
The suggested patch is extremely simple, the only thing it lacks is limiting to 
cli sapi only.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 03:01:32 2024 UTC