|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #65285 socket_sendmsg() - accept numeric file descriptors
Submitted: 2013-07-18 08:21 UTC Modified: 2013-07-20 19:47 UTC
From: bugs dot php dot net at ss dot chernousov dot net Assigned:
Status: Wont fix Package: Sockets related
PHP Version: 5.5Git-2013-07-18 (Git) OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
2 + 40 = ?
Subscribe to this entry?

 [2013-07-18 08:21 UTC] bugs dot php dot net at ss dot chernousov dot net
It would be pretty useful if socket_sendmsg() could work not only with sockets, 
but also with numeric file descriptors.


conversions-socket_sendmsg.patch (last revision 2013-07-18 08:21 UTC by bugs dot php dot net at ss dot chernousov dot net)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-18 22:39 UTC]
-Status: Open +Status: Wont fix
 [2013-07-18 22:39 UTC]
Unfortunately, this kind of functionality has been strictly limited in the past 
(php://fd has been limited to the cli sapi) under the rationale that it would 
allow PHP to manipulate Apache's file descriptors (when running as module) or 
whatever other file descriptors such as logs' or the the client connection 

I find the argument that this is a vulnerability unpersuasive, but that's the 
conclusion that prevailed.

Won't fix.
 [2013-07-18 23:01 UTC] bugs dot php dot net at ss dot chernousov dot net
I see your point, quite reasonable.
But isn't it possible to limit it to cli sapi only, like php://fd?
 [2013-07-20 17:55 UTC]
I don't see much point in it. In cli you can just open the file descriptor with 
php://fd and then pass it to socket_sendmsg().
 [2013-07-20 19:47 UTC] bugs dot php dot net at ss dot chernousov dot net
Well, when you're dealing a lot with libevent, libev, libeio and other "low-level" 
stuff, there's no point to convert $fd from integer to zval using 
fopen('php://fd/...') and then back within socket_sendmsg() each time, it's just 
useless waste of time. For example, when a script accepts new connections with 
pecl_event, it gets $fd as an integer in callback, and then it has to forward 
those $fd's to other processes using sendmsg.
So in general it's a matter of performance and optimization, especially in pretty 
loaded environments.
The suggested patch is extremely simple, the only thing it lacks is limiting to 
cli sapi only.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Dec 07 05:01:29 2023 UTC