1 23rd January 21:52
ntpt
virtual(), an easy way to put Apache server in spirals down.

Hi.

I think the following things may be a security risk in mod_php, maybe allowing a DoS attack if your server users can use the php engine for your www pages.

If you make a file foo.php that contains the function virtual(), pointing to itself, i.e. virtual(foo.php), at least in php 4.3.2 an infinite loop occurs, that eats up all the memory and swap, eats all the resources, and the script is terminated with:

"failed to open stream: Limit of open files reached "

and

Fatal error: Allowed memory size of 67108864 bytes exhausted at (null):0 (tried to allocate 4260 bytes) in Unknown on line 0

I suggest adding a check for maximum recursion level in virtual() if possible and an appropriate directive in the php.ini file that can set this recursion level.

Regards, NTPT

PS: please excuse my bad English

2 23rd January 21:52
paul

do you have a maximum mem restriction in your php.ini?

paul

----- Original Message -----
From: "NTPT" <ntpt@centrum.cz>
To: <internals@lists.php.net>
Sent: Wednesday, June 02, 2004 9:48 AM
Subject: [PHP-DEV] virtual(), an easy way to put Apache server in spirals
down.


Hi.

I think the following things may be a security risk in mod_php, maybe allowing a DoS attack if your server users can use the php engine for your www pages.

If you make a file foo.php that contains the function virtual(), pointing to itself, i.e. virtual(foo.php), at least in php 4.3.2 an infinite loop occurs, that eats up all the memory and swap, eats all the resources, and the script is terminated with:

"failed to open stream: Limit of open files reached "

and

Fatal error: Allowed memory size of 67108864 bytes exhausted at (null):0 (tried to allocate 4260 bytes) in Unknown on line 0

I suggest adding a check for maximum recursion level in virtual() if possible and an appropriate directive in the php.ini file that can set this recursion level.

Regards, NTPT

PS: please excuse my bad English

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

3 23rd January 21:52
ntpt

I have max execution time set to 180 and mem limit to 64 MB; there is
3*128 MB physical RAM total and about 1G swap space available.

Lowering the mem limit helps a bit (it takes a longer time and more requests
are needed), but if you do more requests (5 - 10 at almost the same time,
i.e. click 10* reload), the situation is the same: the server starts swapping
and stops almost all responses, until the httpd processes are killed by the
kernel because they exceeded memory limits .....


----- Original Message -----
From: "Paul G" <paul@rusko.us>
To: <internals@lists.php.net>
Sent: Wednesday, June 02, 2004 3:47 PM
Subject: Re: [PHP-DEV] virtual(), an easy way to put Apache server in
spirals down.

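An added example, not part of the original thread and not PHP's own code: a static check that an administrator of a shared mod_php host could run over a document root to flag scripts whose virtual() calls lead back to themselves, covering both the direct self-reference described above and indirect loops through other scripts. It assumes virtual() is called with a literal quoted path; the function names and the sample tree are hypothetical.

```python
import posixpath
import re

# Only literal string arguments are matched; dynamic arguments need manual review.
VIRTUAL_CALL = re.compile(r"""\bvirtual\s*\(\s*(['"])([^'"]+)\1\s*\)""")

def virtual_targets(path, source):
    """Resolve each literal virtual() URI against the calling script's directory."""
    base = posixpath.dirname(path)
    targets = set()
    for _quote, uri in VIRTUAL_CALL.findall(source):
        uri = uri.split("?", 1)[0]  # the query string does not change the target script
        targets.add(posixpath.normpath(posixpath.join(base, uri)))
    return targets

def find_virtual_cycles(files):
    """files maps docroot-relative path -> PHP source; returns each loop as a path list."""
    graph = {p: {t for t in virtual_targets(p, s) if t in files} for p, s in files.items()}
    state, cycles = {}, []

    def visit(node, stack):
        state[node] = "active"
        stack.append(node)
        for nxt in sorted(graph[node]):
            if state.get(nxt) == "active":   # back edge: the request chain re-enters itself
                cycles.append(stack[stack.index(nxt):])
            elif nxt not in state:
                visit(nxt, stack)
        stack.pop()
        state[node] = "done"

    for node in sorted(graph):
        if node not in state:
            visit(node, [])
    return cycles

# Constructed sample tree (hypothetical files, not taken from the thread).
SAMPLE = {
    "/foo.php": "<?php virtual('foo.php'); ?>",           # direct self-reference
    "/a.php": '<?php virtual("/inc/b.php"); ?>',          # indirect loop: a -> b -> a
    "/inc/b.php": "<?php virtual('../a.php?x=1'); ?>",
    "/ok.php": "<?php virtual('/inc/footer.php'); ?>",    # no loop
    "/inc/footer.php": "<?php echo 'bye'; ?>",
}

if __name__ == "__main__":
    for cycle in find_virtual_cycles(SAMPLE):
        print(" -> ".join(cycle + cycle[:1]))
```
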

