[php-maint] Bug#605571: Bug#605571: Bug#605571: Bug#605571: Please enable pcntl functions
ondrej at debian.org
Mon May 30 14:25:16 UTC 2011
On Mon, May 30, 2011 at 10:54, Thomas Goirand <thomas at goirand.fr> wrote:
> On 05/30/2011 02:12 PM, sean finney wrote:
>> That leaves us with basically the same follow-up question as the
>> cgi stuff above, though: do we want to let php code fork/daemonize?
>> I'm not saying we should immediately back this out or anything; we have
>> a while before the next stable release to discuss this and I'm open to
>> the idea that maybe there is some reason we want to allow this. And really,
>> I think you're doing all the heavy lifting with PHP these days Ondrej, so
>> ultimately it's your opinion/decision that will probably matter most :)
> When it comes to my use case, I'm using SBOX to protect the executions
> of PHP scripts (not the current version in SID, but a re-worked one,
> which I will publish soon), and not PHP FPM. In my case, you can use
> fork if you like, but at the end of the SBOX configured timeout, your
> process (and its child) will die anyway. So, in my case, having the
> feature to fork is nice, rather than a security issue. I don't think
> that signals, fork, and so on, are there *only* for daemons. Yes, it's
> nice for them, but there are other use cases.
> Also, if you believe that this is a security issue, what could be done
> would be to activate the pcntl functions in the Git, then disable them
> by default in php.ini, don't you think? This way, you still leave the
> user a choice.
> By the way, are these functions available for the php5-cli binary
> already? I think they are strongly needed in there.
> Your thoughts?
I like the idea of enabling pcntl, but disabling all functions
from the extension by default. Implemented in 093d34f as a static list,
and a few minutes later updated it in 093d34f to pull the list of
functions from php_pcntl.h automatically.
Ondřej Surý <ondrej at sury.org>
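
An added example, not taken from the commit referenced above or from the Debian packaging: one way to derive a php.ini disable_functions line from the PHP_FUNCTION() declarations in a pcntl header, so the list follows the extension instead of being maintained by hand. The function names, the helper make_sample_header and the header excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate a disable_functions directive from a pcntl header.

# Print the pcntl_* functions declared via PHP_FUNCTION() in header "$1",
# one per line, sorted and de-duplicated.
pcntl_functions() {
    sed -n 's/^[[:space:]]*PHP_FUNCTION(\(pcntl_[a-z0-9_]*\));.*$/\1/p' "$1" \
        | LC_ALL=C sort -u
}

# Print a php.ini directive disabling every function found in header "$1".
# Fails instead of emitting an empty list, which would silently disable
# nothing if the header layout ever changed.
disable_functions_line() {
    list=$(pcntl_functions "$1" | paste -s -d, -)
    if [ -z "$list" ]; then
        echo "no pcntl functions found in $1" >&2
        return 1
    fi
    printf 'disable_functions = %s\n' "$list"
}

# Write a constructed header excerpt to "$1" (sample input, not the real file).
make_sample_header() {
    cat > "$1" <<'EOF'
PHP_MINIT_FUNCTION(pcntl);
PHP_FUNCTION(pcntl_alarm);
PHP_FUNCTION(pcntl_fork);
PHP_FUNCTION(pcntl_waitpid);
PHP_FUNCTION(pcntl_signal);
    PHP_FUNCTION(pcntl_exec);
static void pcntl_signal_handler(int);
EOF
}

# Demo: print the directive for the constructed header.
tmp=$(mktemp) && make_sample_header "$tmp" && disable_functions_line "$tmp"
rm -f "$tmp"
```

disable_functions is read only from php.ini, so a script cannot re-enable these functions at run time; an administrator who wants them edits the generated line.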