Req #65285 [Wfx]: socket_sendmsg() - accept numeric file descriptors

bugs dot php dot net at ss dot chernousov dot net Sat, 20 Jul 2013 12:48:50 -0700

Edit report at https://bugs.php.net/bug.php?id=65285&edit=1


 ID:                 65285
 User updated by:    bugs dot php dot net at ss dot chernousov dot net
 Reported by:        bugs dot php dot net at ss dot chernousov dot net
 Summary:            socket_sendmsg() - accept numeric file descriptors
 Status:             Wont fix
 Type:               Feature/Change Request
 Package:            Sockets related
 PHP Version:        5.5Git-2013-07-18 (Git)
 Block user comment: N
 Private report:     N

 New Comment:

Well, when you're dealing a lot with libevent, libev, libeio and other 
"low-level" 
stuff, there's no point to convert $fd from integer to zval using 
fopen('php://fd/...') and then back within socket_sendmsg() each time, it's 
just 
useless waste of time. For example, when a script accepts new connections with 
pecl_event, it gets $fd as an integer in callback, and then it has to forward 
those $fd's to other processes using sendmsg.
So in general it's a matter of performance and optimization, especially in 
pretty 
loaded environments.
The suggested patch is extremely simple, the only thing it lacks is limiting to 
cli sapi only.


Previous Comments:
------------------------------------------------------------------------
[2013-07-20 17:55:00] cataphr...@php.net

I don't see much point in it. In cli you can just open the file descriptor with 
php://fd and then pass it to socket_sendmsg().

------------------------------------------------------------------------
[2013-07-18 23:01:09] bugs dot php dot net at ss dot chernousov dot net

I see your point, quite reasonable.
But isn't it possible to limit it to cli sapi only, like php://fd?

------------------------------------------------------------------------
[2013-07-18 22:39:00] cataphr...@php.net

Unfortunately, this kind of functionality has been strictly limited in the past 
(php://fd has been limited to the cli sapi) under the rationale that it would 
allow PHP to manipulate Apache's file descriptors (when running as module) or 
whatever other file descriptors such as logs' or the the client connection 
socket's.

I find the argument that this is a vulnerability unpersuasive, but that's the 
conclusion that prevailed.

Won't fix.

------------------------------------------------------------------------
[2013-07-18 08:21:08] bugs dot php dot net at ss dot chernousov dot net

Description:
------------
It would be pretty useful if socket_sendmsg() could work not only with sockets, 
but also with numeric file descriptors.



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=65285&edit=1

Req #65285 [Wfx]: socket_sendmsg() - accept numeric file descriptors

Reply via email to