Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:98282 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 88626 invoked from network); 10 Feb 2017 21:09:57 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 10 Feb 2017 21:09:57 -0000 Authentication-Results: pb1.pair.com header.from=ben.rubson@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=ben.rubson@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.128.178 as permitted sender) X-PHP-List-Original-Sender: ben.rubson@gmail.com X-Host-Fingerprint: 209.85.128.178 mail-wr0-f178.google.com Received: from [209.85.128.178] ([209.85.128.178:33257] helo=mail-wr0-f178.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 67/31-08968-22C2E985 for ; Fri, 10 Feb 2017 16:09:56 -0500 Received: by mail-wr0-f178.google.com with SMTP id i10so116977492wrb.0 for ; Fri, 10 Feb 2017 13:09:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=ujx7ZTRZWleAldT3CODKd58JWOvk/a6FOAQBNPV5pdk=; b=MbcBuQuuymdblzMlB4ICTpm+L36R1Vn0iN0sAtS+pVhDzCRdKC+UjWweUBEy+0o8Is 0qed7pbBRqNffVDtaDI343Xgchy2bTuttJbroXP7NAZD79XeYEjCO1OX61Ii5TlKmUaX 9DOkWXjHEB8hl1LAJniRhKuLhHt2qdF7+PmzCSY7r31NKoat1QWNUntA4onPR2UZNv+2 FpOk83nLl4aX1Cx/uiOyshvuYOpcrSMZLACxWedXhLpJWEcgcGEm1mMvICPDaqdIqAww kQoRDzfk5FIG//RjApym3Gz7h9IpElauKDd+hj/WHkVXEpbCV3Y5bjbvWwEsmkLJxJW+ RARQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=ujx7ZTRZWleAldT3CODKd58JWOvk/a6FOAQBNPV5pdk=; b=svVVb7zj3ePIinNnZKlCgUjCanXKx/AftxkPhU7GcPdG7qHoNcIL3OjBlwqPN1mS58 3eZ30lgU/f4rhgVZ2syl85IcAWGThZfXFsDdf5v9hh9Pr+3eSb4pA/Rjm8KW0Al0MdNS kg7kAgduekXiXuzejtfAT23d+CuZC501jBmSssIzP6vRiYshmH2TwM9lYVfp8aIkgVpW Em0S945zVwiCfl1hiJHiwrg3+T6fY+ZWk1TsKgirdnphy3B1B5ivWDG5d95N5APhpnr4 QgjnOX++rqpgFoxAkQocZF5aRTgr8JEO2V6VhME36FTlkPCghXNAlYcRVduItBnfbr65 U2Ew== X-Gm-Message-State: AMke39m84nH4tzHVHSOcWOM3cRApbD2gWfxNKuNoZENZF7oaq/YLvE3o6wxPjyYv+AMHuQ== X-Received: by 10.223.150.238 with SMTP id u101mr8974034wrb.175.1486760991224; Fri, 10 Feb 2017 13:09:51 -0800 (PST) Received: from ben.home ([2a01:cb1d:125:8a00:aca9:53f9:8287:546a]) by smtp.gmail.com with ESMTPSA id 198sm2940711wmn.11.2017.02.10.13.09.50 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 10 Feb 2017 13:09:50 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) In-Reply-To: Date: Fri, 10 Feb 2017 22:09:49 +0100 Content-Transfer-Encoding: quoted-printable Message-ID: References: <4CD4DCCC-6643-4A66-B6AD-4BF0EF89FDA9@gmail.com> <1FC170E6-5207-45F3-8DF7-8B50787DCCA7@gmail.com> To: PHP internals X-Mailer: Apple Mail (2.3124) Subject: Re: [PHP-DEV] Improve (disable|enable)_functions #65386 From: ben.rubson@gmail.com (Ben RUBSON) > On 10 Feb 2017, at 18:25, Sara Golemon wrote: >=20 > On Fri, Feb 10, 2017 at 4:02 AM, Ben RUBSON = wrote: >>> On 09 Feb 2017, at 18:12, Sara Golemon wrote: >>> Could you clarify? `disable_functions` *IS* a PHP_INI_SYSTEM = directive: >>>=20 >>> PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) >>=20 >> However, as per all the bugs referenced by #65386, >> using "php_admin_value disable_functions" in httpd.conf does not = correctly work. >> The main issue certainly is that it can't be used per vhost. >> (note that it however still affects their local ini value) >>=20 > That's not surprising. When disable_functions processes an INI > change, it's a one-way affair. Any functions listed in the INI > setting are clobbered and their original handlers are lost (on > purpose, I imagine). >=20 > When a new setting comes in to override it (via php_admin_value) it > can only add to the list of disabled functions, not restore previously > disabled functions. I was talking more specifically about the following : "php_admin_value disable_functions mydisfunction" phpinfo() shows mydisfunction as locally disabled, but in reality can still be used. So "php_admin_value disable_functions" should not affect "Local Value". (as per point 1 of #65386) But should also be solved by allowing "php_admin_value = disable_functions" to really disable functions :) (as per point 2 of #65386) > Again, I'm not certain, but my gut says this was intentional. >=20 >>> There's also a technical hurdle here due to the way that functions = are >>> (currently) disabled. It's INI_SYSTEM because enabling/disabling on = a >>> per-request (per vhost essentially means per request) basis means a >>> lot more heavy lifting than disabling on a system-wide level (we = just >>> replace the function implementation in the global table with a STFU >>> message). >>=20 >> Sounds like it would then require some dev to achieve this behaviour. >> Would it however hurt requests performance ? >>=20 > TL;DR - Yes. >=20 > If you want a single process to serve some requests with function X > disabled and some to serve it with that function enabled, then SOME > amount of per-request processing has to be done. Maybe it's done on > RINIT to shuffle around the function table, maybe it's done at > function call time via a flag, maybe it's done by compiling to a > different instruction for "potentially disabled function call". I'm > not sure as I haven't thought very far into the problem. Perhaps initial init time could be a little bit longer, but to the = benefit of non-slowed requests. OK, understood, thank you ! Any way to "officially" add these requests (#65386) to the development = list ? >>> but if the goal is to >>> disable an entire extension's worth of functions, wouldn't one >>> just.... not load that extension? >>=20 >> Because one would certainly want to re-enable one of these functions = in >> one of its vhosts (or even globally in php.ini) :) >>=20 > Is running separate fcgi instances not an option here? Of course running separate fcgi instances could be a solution to run different configurations. But even here, the wildcards with the ability to use enable_functions would really be helpful. Thank you again ! Ben