php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #65285 socket_sendmsg() - accept numeric file descriptors
Submitted: 2013-07-18 08:21 UTC Modified: 2013-07-20 19:47 UTC
From: bugs dot php dot net at ss dot chernousov dot net Assigned:
Status: Wont fix Package: Sockets related
PHP Version: 5.5Git-2013-07-18 (Git) OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugs dot php dot net at ss dot chernousov dot net
New email:
PHP Version: OS:

 

 [2013-07-18 08:21 UTC] bugs dot php dot net at ss dot chernousov dot net
Description:
------------
It would be pretty useful if socket_sendmsg() could work not only with sockets, 
but also with numeric file descriptors.


Patches

conversions-socket_sendmsg.patch (last revision 2013-07-18 08:21 UTC by bugs dot php dot net at ss dot chernousov dot net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-18 22:39 UTC] cataphract@php.net
-Status: Open +Status: Wont fix
 [2013-07-18 22:39 UTC] cataphract@php.net
Unfortunately, this kind of functionality has been strictly limited in the past 
(php://fd has been limited to the cli sapi) under the rationale that it would 
allow PHP to manipulate Apache's file descriptors (when running as module) or 
whatever other file descriptors such as logs' or the the client connection 
socket's.

I find the argument that this is a vulnerability unpersuasive, but that's the 
conclusion that prevailed.

Won't fix.
 [2013-07-18 23:01 UTC] bugs dot php dot net at ss dot chernousov dot net
I see your point, quite reasonable.
But isn't it possible to limit it to cli sapi only, like php://fd?
 [2013-07-20 17:55 UTC] cataphract@php.net
I don't see much point in it. In cli you can just open the file descriptor with 
php://fd and then pass it to socket_sendmsg().
 [2013-07-20 19:47 UTC] bugs dot php dot net at ss dot chernousov dot net
Well, when you're dealing a lot with libevent, libev, libeio and other "low-level" 
stuff, there's no point to convert $fd from integer to zval using 
fopen('php://fd/...') and then back within socket_sendmsg() each time, it's just 
useless waste of time. For example, when a script accepts new connections with 
pecl_event, it gets $fd as an integer in callback, and then it has to forward 
those $fd's to other processes using sendmsg.
So in general it's a matter of performance and optimization, especially in pretty 
loaded environments.
The suggested patch is extremely simple, the only thing it lacks is limiting to 
cli sapi only.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Sep 11 14:01:28 2024 UTC