search

clue / reactphp-ssh-proxy

Async SSH proxy connector and forwarder, tunnel any TCP/IP-based protocol through an SSH server, built on top of ReactPHP.
https://clue.engineering/2018/introducing-reactphp-ssh-proxy
MIT License
21 stars 7 forks source link

Improve platform support (chroot environments, Mac and others) and do not inherit open FDs to SSH child process by overwriting and closing #10

Closed clue closed 5 years ago

clue commented 5 years ago

This fixes a possible race condition where open FDs where in fact inherited to the wrapping shell before it had a chance to close them again when it is being replaced with the actual SSH binary. This builds on top of https://github.com/reactphp/child-process/pull/65

This also improves platform support by checking /dev/fd instead of /proc/self/fd. The virtual /proc/self/fd is Linux-only, while the virtual /dev/fd is available on more platforms. On Linux, the latter is simply a symlink to the former, so this shouldn't affect existing installations.

Additionally, this improves platform support by checking all available FDs as fallback. If we can not read from /dev/fd (which is available on Linux, Mac and many others), we otherwise try temporarily duplicating file descriptors in the range 0-1024 (FD_SETSIZE) to see which one is currently in use. This is known to work on more exotic platforms and also inside chroot environments without /dev/fd. Causes many syscalls, but still rather fast.

Builds on top of #2 Refs https://github.com/reactphp/child-process/issues/51