Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:98280 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 76999 invoked from network); 10 Feb 2017 17:25:57 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 10 Feb 2017 17:25:57 -0000 Authentication-Results: pb1.pair.com header.from=php@golemon.com; sender-id=softfail Authentication-Results: pb1.pair.com smtp.mail=php@golemon.com; spf=softfail; sender-id=softfail Received-SPF: softfail (pb1.pair.com: domain golemon.com does not designate 74.125.82.177 as permitted sender) X-PHP-List-Original-Sender: php@golemon.com X-Host-Fingerprint: 74.125.82.177 mail-ot0-f177.google.com Received: from [74.125.82.177] ([74.125.82.177:35855] helo=mail-ot0-f177.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A5/20-08968-5A7FD985 for ; Fri, 10 Feb 2017 12:25:57 -0500 Received: by mail-ot0-f177.google.com with SMTP id 32so33220171oth.3 for ; Fri, 10 Feb 2017 09:25:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=golemon-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=VOlXpFLrgsNxrkHJVHek5IkiXdBwHEBQrkI2hJpme6g=; b=uQ/bKPum28dKBE7DP4HUATSvaRVAnmNQ7O2OEY9KZ7XgnxvUnD5Fzvj8rxjWjN2xly o5rkK4UwFNPx1z0PpuXEa1bBRUxVkJcVjTMJiDByR94gIoK39pnYLs3R3/10JPQHvetC qrY79sHmKdz7/e8d93e5bAx+YpyOo6Sz+HxwYd2Cos53L2wUHf7h+1UGzaf6zCkbeWXB 7+7kHLTM4wIvA5UXbkK2rg2J8oj2yd6G0z98eXOKJQbCG1XTVGW7PvN5v5N+co5S2Yca HVsItSuVO0H6SRmAmUexUgRjIaH9iCQ4cygTyXfiE2GfyhfeOHopL8AxRGBgpMG449oz o8Gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=VOlXpFLrgsNxrkHJVHek5IkiXdBwHEBQrkI2hJpme6g=; b=Ce3BUlh+GpFPBnYO8inlhx+cjkGFqob+H2ctHgXv/O/YBhIwH4sV7DUBZkv4q9GylC H+dsRgs7lYjgJiaMSe/4U9xkxX+Ny6A8FH8eW5D12ljsfo4/FtEmfZS2otZCbIMiJL8F G7ZDlvewL2dMqkd9AxITTQSZUMQRN9SjNaIm9OxjqYCWdcjfuhyICuT6nwb/tAtQKygF buVsPYlM2Y1LxloABterjC5R9mitJMv1aHv7//K52jflNc39LqvXFLiJusTwXJxKWZHI F87ri7HYhuGC8Iq2BgaehVDIwuSQhrFsR38v4ztoytoFL6q1bkgnh9vhyu1arJOpSbOQ 2sQw== X-Gm-Message-State: AMke39nwAFszIY7Fs4vpl/PaIeBcnLzQnVpA3Hq0iJz/k0hGtLALJccvq0sQwPePMw1gDfNmRF/Q1nf1GaQXxQ== X-Received: by 10.157.40.21 with SMTP id m21mr5304324otb.112.1486747554434; Fri, 10 Feb 2017 09:25:54 -0800 (PST) MIME-Version: 1.0 Sender: php@golemon.com Received: by 10.157.14.104 with HTTP; Fri, 10 Feb 2017 09:25:54 -0800 (PST) X-Originating-IP: [73.9.224.155] In-Reply-To: <1FC170E6-5207-45F3-8DF7-8B50787DCCA7@gmail.com> References: <4CD4DCCC-6643-4A66-B6AD-4BF0EF89FDA9@gmail.com> <1FC170E6-5207-45F3-8DF7-8B50787DCCA7@gmail.com> Date: Fri, 10 Feb 2017 12:25:54 -0500 X-Google-Sender-Auth: OvAJ3MYSX2GfZSxJBYDiAUeF_oI Message-ID: To: Ben RUBSON Cc: PHP internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Improve (disable|enable)_functions #65386 From: pollita@php.net (Sara Golemon) On Fri, Feb 10, 2017 at 4:02 AM, Ben RUBSON wrote: >> On 09 Feb 2017, at 18:12, Sara Golemon wrote: >> Could you clarify? `disable_functions` *IS* a PHP_INI_SYSTEM directive: >> >> PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) > > However, as per all the bugs referenced by #65386, > using "php_admin_value disable_functions" in httpd.conf does not correctly work. > The main issue certainly is that it can't be used per vhost. > (note that it however still affects their local ini value) > That's not surprising. When disable_functions processes an INI change, it's a one-way affair. Any functions listed in the INI setting are clobbered and their original handlers are lost (on purpose, I imagine). When a new setting comes in to override it (via php_admin_value) it can only add to the list of disabled functions, not restore previously disabled functions. Again, I'm not certain, but my gut says this was intentional. >> There's also a technical hurdle here due to the way that functions are >> (currently) disabled. It's INI_SYSTEM because enabling/disabling on a >> per-request (per vhost essentially means per request) basis means a >> lot more heavy lifting than disabling on a system-wide level (we just >> replace the function implementation in the global table with a STFU >> message). > > Sounds like it would then require some dev to achieve this behaviour. > Would it however hurt requests performance ? > TL;DR - Yes. If you want a single process to serve some requests with function X disabled and some to serve it with that function enabled, then SOME amount of per-request processing has to be done. Maybe it's done on RINIT to shuffle around the function table, maybe it's done at function call time via a flag, maybe it's done by compiling to a different instruction for "potentially disabled function call". I'm not sure as I haven't thought very far into the problem. >> but if the goal is to >> disable an entire extension's worth of functions, wouldn't one >> just.... not load that extension? > > Because one would certainly want to re-enable one of these functions in > one of its vhosts (or even globally in php.ini) :) > Is running separate fcgi instances not an option here? -Sara