-
-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not inherit open FDs to SSH child process #2
Conversation
$command = $this->cmd . ' -W ' . \escapeshellarg($parts['host'] . ':' . $parts['port']); | ||
|
||
// try to get list of all open FDs (Linux only) or simply assume range 3-1024 (FD_SETSIZE) | ||
$fds = @scandir('/proc/self/fd'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI working on a package to do this cross platform: https://github.com/WyriHaximus/php-file-descriptors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@WyriHaximus Thank you, will definitely keep an eye on this! 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@clue currently onto the daunting task of figuring it out for Windows
...
For the reference: This PR ensures that we immediately close all inherited file descriptors before executing the actual |
This somewhat obscure PR ensures that we do not inherit open file descriptors (FDs) to the SQLite child worker process. This can cause all sorts of errors in long running applications and really is not desired here. This is implemented by explicitly overwriting all superfluous FDs with dummy file handles and then closing all of these in the implicit `sh` child process before launching the actual php binary. PHP does not support `FD_CLOEXEC`, `O_CLOEXEC` or `SOCK_CLOEXEC` and this appears to be the best work around I could find (yes, I should probably write a lengthy, somewhat technical blog post about this). Additionally, this PR includes a test to verify this works on all supported platforms and this could perhaps be used as a starting point for other libraries (YMMV). This builds on top of clue/reactphp-ssh-proxy#2 and clue/reactphp-ssh-proxy#10
This somewhat obscure PR ensures that we do not inherit open file descriptors (FDs) to the SSH child process. This can cause all sorts of errors in long running applications and really is not desired here.
This is implemented by explicitly closing all superfluous FDs in the implicit
sh
child process before launching the actualssh
binary. PHP does not supportFD_CLOEXEC
,O_CLOEXEC
orSOCK_CLOEXEC
and this appears to be the best work around I could find (yes, I should probably write a lengthy, somewhat technical blog post about this). Additionally, this PR includes a test to verify this works on all supported platforms and this could perhaps be used as a starting point for other libraries (YMMV).See also reactphp/child-process#51