Mutual Exclusions

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Mutual Exclusions

Post by Syranide »

Ok, I've been fiddeling for some while now and I can't find a good solution for this.

What am I after? Just mutual exclusion for scripts, such as that provided when using sessions (all other scripts using the same session will be halted until the owner is done).

Sem, etc etc is not a possibility as it is not standard/bundled, I'm currently using my own file-mutexes, a solution that works, but is not at all practical or good in any way. SQL-mutexes could be a possibilty but is not at the moment, and is just as bad as the file-mutex.

Does anyone know if there is a better way of having mutual exclusions in scripts (using bundled libraries)?
Perhaps it is possible to resume a named session and making sure it doesn't produce any header?

(The reason for this is extensive use of file-handling instead of SQL because of target systems)

EDIT: perhaps this isn't security after all
User avatar
dbevfat
Forum Contributor
Posts: 126
Joined: Tue Jun 28, 2005 2:47 pm
Location: Ljubljana, Slovenia

Post by dbevfat »

I don't exactly understand what you are trying to say, but I guess mutexes can be done with any shared resource. You've tried files and you dislike databases, so you can give it a shot with shared memory.

See shm extension (shm_get_var returns something about mutexes). You should also take a look at semaphores (sem_acquire for starters), which are probably the prefered way for locking and exclusion.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

What I don't really get is why you're considering 'session based' mutexes 'superior' to file-based ones. With PHP default session handler they are essentially the same.
User avatar
shiflett
Forum Contributor
Posts: 124
Joined: Sun Feb 06, 2005 11:22 am

Post by shiflett »

It sounds like you're looking for flock():

http://php.net/flock
Syranide
Forum Contributor
Posts: 281
Joined: Fri May 20, 2005 3:16 pm
Location: Sweden

Post by Syranide »

Weirdan wrote:What I don't really get is why you're considering 'session based' mutexes 'superior' to file-based ones. With PHP default session handler they are essentially the same.
Because file-mutexes requires polling to check/acquire the mutex... session based doesn't they are internally managed by PHP and providing instant access.

And for the rest of the answers, as I said, only bundled functions can be used, shared memory is not (nor available on windows).

It is really strange that PHP doesn't include any support for this as it should be fairly simple, I thought about opening a listening socket and try to acquire it which wouldn't hog the system too much, but using a socket for that feels worse than files frankly, I'm gonna look around some more, or I'll just have to go with the file-mutex I guess. But it is kinda disturbing as an untimely crash would have the scripts deadlocked, I have mechanisms against that.... but still ;)

EDIT: but flock looks really really promising, I've seen it before but thought it had more bottlenecks than it did... perhaps I'll implement that as a primary mutexing strategy and use my old for backup, I'm gonna look into it further, thanks.

EDIT: weirdan, ah ok, now I see what you mean, perhaps it just uses "fake" internal mutexing yes, that would be possible, but I didn't really consider sessions to work well for mutexing either.
hswner
Forum Newbie
Posts: 3
Joined: Mon Mar 17, 2008 12:47 pm

Re: Mutual Exclusions

Post by hswner »

I think flock can be used for this, because flock has an internal queueing mechanism for processes that try to access a specified file. Just create a file to be used for requesting a lock on via flock() function, then you'll be put to the tail of the queue. You'll wait until all the previous lock requests are satisfied and no any process is holding lock on the file. This simple functionality can be used to implement a mutual exclusion mechanism. But the real problem here is to avoid deadlocks. I haven't thought much about it and have no solution right now. I'll be back later if I have one.
Post Reply