PCNTL Concerns & Issues.

[RazerFX]

Hello:

I have originally posted a ticket to cPanel with regards to this. However I have not had any response from yet, and perhaps other users & cPanel admins might view this message as well.

This is with regards to PCNTL. I would like to understand if this has been enabled in a cPanel environment. If not, I'm curious to know why not,... ie. whether there are any security concerns... because I do not see an option under cPanel to install this.

The PCNTL installation option is not available through cPanel to the best of my knowledge - but manual installation of PCNTL is really not an issue.

However the nature of my question is to understand whether installing this is a security concern on a web server... and if it can compromise security and/or degrade stability.

I hope to get response from value users! Any input is great, and your time is greatly appreciated.

Best,
Razer.

 

[chirpy]

I would presume it's not enabled because of this on the php.net site:

Process Control support in PHP implements the Unix style of process creation, program execution, signal handling and process termination. Process Control should not be enabled within a webserver environment and unexpected results may happen if any Process Control functions are used within a webserver environment.

 

[RazerFX]

Hello:

I was hoping I would get a different answer . I already have that answer from the PHP.NET site when I did my research before posting the message.

However one of our inhouse apps require PCNTL. Without it over 1000 hrs of paid work will have been p!$$ed away - and we have to redesign our apps. Needless to say the hourly wage of inhouse developers .

Process Control should not be enabled within a webserver environment and unexpected results may happen if any Process Control functions are used within a webserver environment.

The issue is quite simple. They say "Webserver Environment". Does this mean it should not be enabled or the functionality not be made available on web services accounts? Or it should not be used at all on a machine that is being used as a Web Server?

For that I don't have an answer yet. If PHP is a webscripting/development language, then why would PCNTL be made available in PHP in the first place.

Since PCNTL appears to be a part of PHP - not available by default - why is it that this is a security concern concern in the first place... if in deed it is a security concern... and what 'unexpected' results may encounter.

Our APP with PCNTL has been running on non-cPanel based sites -- without any issues/problems, and one of our office servers has been running with this for over a year.

Obviously cPanel did a lot of research before including in the modules in PHP that are popularly used & requested. I am sure cPanel folks have encountered the PCNTL issue and for this I'd like to learn and understand what the real issues are from the lower level. vs. the higher level.. which basically says "unexpected results *may* happen".

Would really appreciate some feedback on this!

Cheers!
Razer.