From owner-freebsd-performance@FreeBSD.ORG Thu Feb 14 17:52:00 2008 Return-Path: Delivered-To: freebsd-performance@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 156C216A41B; Thu, 14 Feb 2008 17:52:00 +0000 (UTC) (envelope-from arkadi@mebius.lv) Received: from trap.mebius.lv (trap.mebius.lv [80.81.43.194]) by mx1.freebsd.org (Postfix) with ESMTP id D80BA13C4E3; Thu, 14 Feb 2008 17:51:59 +0000 (UTC) (envelope-from arkadi@mebius.lv) Received: from [10.0.10.50] by trap.mebius.lv with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1JPhmf-00029y-MV; Thu, 14 Feb 2008 19:22:05 +0200 Message-ID: <47B478E6.8080902@mebius.lv> Date: Thu, 14 Feb 2008 19:22:46 +0200 From: Arkadi Shishlov User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: freebsd-performance@freebsd.org References: <479B1185.8020604@quip.cz> <479D89C9.7060300@chistydom.ru> <479DD94C.7010409@mawer.org> <479DE578.7060202@quip.cz> <20080214163037.GA51014@dracon.ht-systems.ru> In-Reply-To: <20080214163037.GA51014@dracon.ht-systems.ru> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Stanislav Sedov Subject: Re: PHP with open_basedir performance problem X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Feb 2008 17:52:00 -0000 Stanislav Sedov wrote: > I'd suggest you to disable open_basedir at all or roll out specialized > implementation. I had a lot of similar problems with open_basedir in > the past, so I just rewrote it to match our specific security policy. Can you share a hint how exactly this specialized implementation may look like? The requirement is simple: php script working under apache mod_php can't open files outside of virtual host document root whenever php safe mode is enabled or disabled. Website owners can create symlinks. I understand the open_basedir is kinda flawed security measure, and safe_mode is a primary safeguard with mod_php, but it would be nice to get it working under FreeBSD too. > Most basedir problems are linked with the fact it produce a lot of lstast/ > readlinks on every require, include or open command. On Linux it pereforms > even worse, as they implemented readlink there by hand, and, of course, > their implementation isn't particulry good. But there is no high sys cpu usage on Linux in contrary to FreeBSD, as reported by original author of the thread..? Do you have numbers or benchmark ready? I see the number of syscalls required is astonishing (on Linux) but doesn't cause any problem at first look.