On 05/30/2011 02:12 PM, sean finney wrote: > That leaves us with the basically the same follow-up question as the > cgi stuff above, though: do we want to let php code fork/daemonize? > > I'm not saying we should immediately back this out or anything; we have > a while before the next stable release to discuss this and I'm open to > the idea that maybe there is some reason we want to allow this. And really, > i think you're doing all the heavy lifting with PHP these days Ondrej, so > ultimately it's your opinion/decision that will probably matter most :) > > > sean
When it comes to my use case, I'm using SBOX to protect the executions of PHP scripts (not the current version in SID, but a re-worked one, which I will publish soon), and not PHP FPM. In my case, you can use fork if you like, but at the end of the SBOX configured timeout, your process (and it's child) will die anyway. So, in my case, having the feature to fork is nice, rather than a security issue. I don't think that signals, fork, and so on, are there *only* for daemons. Yes, it's nice for them, but there are other use cases. Also, if you believe that this is a security issue, what could be done would be to activate the pcntl functions in the Git, then disable them by default in php.ini, don't you think? This way, you still leave the user a choice. By the way, are these functions available for the php5-cli binary already? I think they are strongly needed in there. Your thoughts? Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
