Do not inherit open FDs to SSH child process #2
Conversation
| $command = $this->cmd . ' -W ' . \escapeshellarg($parts['host'] . ':' . $parts['port']); | ||
|
|
||
| // try to get list of all open FDs (Linux only) or simply assume range 3-1024 (FD_SETSIZE) | ||
| $fds = @scandir('/proc/self/fd'); |
There was a problem hiding this comment.
FYI working on a package to do this cross platform: https://github.com/WyriHaximus/php-file-descriptors
There was a problem hiding this comment.
@WyriHaximus Thank you, will definitely keep an eye on this! 👍
There was a problem hiding this comment.
@clue currently onto the daunting task of figuring it out for Windows...
|
For the reference: This PR ensures that we immediately close all inherited file descriptors before executing the actual |
This somewhat obscure PR ensures that we do not inherit open file descriptors (FDs) to the SQLite child worker process. This can cause all sorts of errors in long running applications and really is not desired here. This is implemented by explicitly overwriting all superfluous FDs with dummy file handles and then closing all of these in the implicit `sh` child process before launching the actual php binary. PHP does not support `FD_CLOEXEC`, `O_CLOEXEC` or `SOCK_CLOEXEC` and this appears to be the best work around I could find (yes, I should probably write a lengthy, somewhat technical blog post about this). Additionally, this PR includes a test to verify this works on all supported platforms and this could perhaps be used as a starting point for other libraries (YMMV). This builds on top of clue/reactphp-ssh-proxy#2 and clue/reactphp-ssh-proxy#10
This somewhat obscure PR ensures that we do not inherit open file descriptors (FDs) to the SSH child process. This can cause all sorts of errors in long running applications and really is not desired here.
This is implemented by explicitly closing all superfluous FDs in the implicit
shchild process before launching the actualsshbinary. PHP does not supportFD_CLOEXEC,O_CLOEXECorSOCK_CLOEXECand this appears to be the best work around I could find (yes, I should probably write a lengthy, somewhat technical blog post about this). Additionally, this PR includes a test to verify this works on all supported platforms and this could perhaps be used as a starting point for other libraries (YMMV).See also reactphp/child-process#51