[php-maint] Bug#605571: Bug#605571: Bug#605571: Please enable pcntl functions
Thomas Goirand
thomas at goirand.fr
Mon May 30 08:54:25 UTC 2011
On 05/30/2011 02:12 PM, sean finney wrote:
> That leaves us with the basically the same follow-up question as the
> cgi stuff above, though: do we want to let php code fork/daemonize?
>
> I'm not saying we should immediately back this out or anything; we have
> a while before the next stable release to discuss this and I'm open to
> the idea that maybe there is some reason we want to allow this. And really,
> i think you're doing all the heavy lifting with PHP these days Ondrej, so
> ultimately it's your opinion/decision that will probably matter most :)
>
>
> sean
When it comes to my use case, I'm using SBOX to protect the executions
of PHP scripts (not the current version in SID, but a re-worked one,
which I will publish soon), and not PHP FPM. In my case, you can use
fork if you like, but at the end of the SBOX configured timeout, your
process (and it's child) will die anyway. So, in my case, having the
feature to fork is nice, rather than a security issue. I don't think
that signals, fork, and so on, are there *only* for daemons. Yes, it's
nice for them, but there are other use cases.
Also, if you believe that this is a security issue, what could be done
would be to activate the pcntl functions in the Git, then disable them
by default in php.ini, don't you think? This way, you still leave the
user a choice.
By the way, are these functions available for the php5-cli binary
already? I think they are strongly needed in there.
Your thoughts?
Thomas
More information about the pkg-php-maint
mailing list