Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve platform support (chroot environments, Mac and others) and do not inherit open FDs to SSH child process by overwriting and closing #10

Merged
merged 4 commits into from
Jan 20, 2019
Merged

Improve platform support (chroot environments, Mac and others) and do not inherit open FDs to SSH child process by overwriting and closing #10

merged 4 commits into from
Jan 20, 2019

Conversation

clue
Copy link
Owner

@clue clue commented Jan 19, 2019

This fixes a possible race condition where open FDs where in fact
inherited to the wrapping shell before it had a chance to close them
again when it is being replaced with the actual SSH binary. This builds
on top of reactphp/child-process#65

This also improves platform support by checking /dev/fd instead of /proc/self/fd.
The virtual /proc/self/fd is Linux-only, while the virtual /dev/fd is
available on more platforms. On Linux, the latter is simply a symlink to
the former, so this shouldn't affect existing installations.

Additionally, this improves platform support by checking all available FDs as fallback.
If we can not read from /dev/fd (which is available on Linux, Mac and
many others), we otherwise try temporarily duplicating file descriptors
in the range 0-1024 (FD_SETSIZE) to see which one is currently in use.
This is known to work on more exotic platforms and also inside
chroot environments without /dev/fd. Causes many syscalls, but still
rather fast.

Builds on top of #2
Refs reactphp/child-process#51

@clue clue added the new feature New feature or request label Jan 19, 2019
@clue clue added this to the v1.1.0 milestone Jan 19, 2019
clue added 4 commits January 19, 2019 16:31
@clue
Internal refactoring to reuse file descriptor close logic
2da0bdf
@clue
Improve platform support by checking /dev/fd instead of /proc/self/fd
27ccbdd 
The virtual /proc/self/fd is Linux-only, while the virtual /dev/fd is
available on more platforms. On Linux, the latter is simply a symlink to
the former, so this shouldn't affect existing installations.
@clue
Improve platform support by checking all available FDs as fallback
e7512e6 
If we can not read from /dev/fd (which is available on Linux, Mac and
many others), we otherwise try temporarily duplicating file descriptors
in the range 0-1024 (FD_SETSIZE) to see which one is currently in use.
This is known to work on more exotic platforms and also inside
chroot environments without /dev/fd. Causes many syscalls, but still
rather fast.
@clue
Do not inherit open FDs to SSH child process by overwriting and closing
52d1386 
This fixes a possible race condition where open FDs where in fact
inherited to the wrapping shell before it had a chance to close them
again when it is being replaced with the actual SSH binary. This builds
on top of reactphp/child-process#65
@clue clue merged commit f1dc82f into clue:master Jan 20, 2019
@clue clue deleted the fds branch January 20, 2019 16:28
clue added a commit to clue-labs/reactphp-sqlite that referenced this pull request Jan 22, 2019
@clue
Do not inherit open FDs to SQLite worker by overwriting and closing
eee0ec8 
This somewhat obscure PR ensures that we do not inherit open file
descriptors (FDs) to the SQLite child worker process. This can cause all
sorts of errors in long running applications and really is not desired
here.

This is implemented by explicitly overwriting all superfluous FDs with
dummy file handles and then closing all of these in the implicit `sh`
child process before launching the actual php binary. PHP does not
support `FD_CLOEXEC`, `O_CLOEXEC` or `SOCK_CLOEXEC`  and this appears to
be the best work around I could find (yes, I should probably write a
lengthy, somewhat technical blog post about this). Additionally, this PR
includes a test to verify this works on all supported platforms and this
could perhaps be used as a starting point for other libraries (YMMV).

This builds on top of clue/reactphp-ssh-proxy#2
and clue/reactphp-ssh-proxy#10
@clue clue mentioned this pull request Jan 22, 2019
Merged
@clue clue mentioned this pull request May 15, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
new feature New feature or request
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging this pull request may close these issues.
1 participant
@clue