What are the side-effects of enabling PROCESS CONTROL (PCNTL) in PHP on web server environment?

开发者_运维知识库

below is a quotation from http://www.php.net/manual/en/intro.pcntl.php

Process Control should not be enabled within a web server environment and unexpected results 
may happen if any Process Control functions are used within a web server environment.

what are the side-effects of enabling it on my web server? what are the threatens and security concerns in it?

Thanks a lot for your help

---

There's a big difference between just enabling the extension and using the functions. Just enabling the extension should have no side effects whatsoever.

On the other hand, the functions made available can allow for some mischief. Forks can be abused, signals can be sent to other processes, telling them to perform actions that you otherwise might not want, and priorities of processes with the same owner as the web server daemon can be modified.

In other words, it's not something you'd want to enable unless you control all of the PHP running on that machine, like in a shared hosting environment.

---

If you enable this, an untrusted PHP code author could fork-bomb your server, which is harder to protect against than you might think.

An untrusted PHP code author could kill or suspend the webserver, or any processes that run as the same user as the webserver. (If the webserver runs untrusted PHP code as root, then it can stop or suspend all processes on the server.) Or, if you're using FastCGI or similar tools, it could kill or suspend any other tasks run as the same user.

An untrusted PHP code author could call the wait(2) family of functions, which will desperately confuse the server or FastCGI interface. It might hang it, it might cause it to crash, depends on the server.

Of course, the PHP process controls flag is really just advisory -- bugs in the PHP interpreter will allow a malicious code author all these things and more. This setting is simply there to keep honest programmers honest.

Any code you run in mod_php (or similar technologies for other servers) will have complete access to everything the web server can do.

Any code you run in FastCGI (or similar technologies) will have complete access to everything that the FastCGI system can do, based on the operating system's access controls.

If you really want to confine what untrusted PHP code can do, I suggest looking into different mandatory access control mechanisms, such as AppArmor, TOMOYO, SELinux, or SMACK.