Newsgroups: php.internals
From: ntpt@centrum.cz ("NTPT")
To: "Paul G"
Date: Wed, 2 Jun 2004 23:30:48 +0200
Subject: Re: [PHP-DEV] virtual(), an easy way to put Apache server in spirals down.

I have max execution time set to 180 and mem limit to 64 MB; there is 3*128 MB of physical RAM total and about 1G of swap space available.

Lowering the mem limit helps a bit (it takes a longer time and more requests are needed), but if you do more requests (5 - 10 at almost the same time, i.e. click reload 10 times), the situation is the same: the server starts swapping and stops almost all responses, until the httpd processes are killed by the kernel because they exceeded memory limits .....

----- Original Message -----
From: "Paul G"
To:
Sent: Wednesday, June 02, 2004 3:47 PM
Subject: Re: [PHP-DEV] virtual(), an easy way to put Apache server in spirals down.

> do you have a maximum mem restriction in your php.ini?
>
> paul
>
> ----- Original Message -----
> From: "NTPT"
> To:
> Sent: Wednesday, June 02, 2004 9:48 AM
> Subject: [PHP-DEV] virtual(), an easy way to put Apache server in spirals
> down.
>
>
> Hi.
>
> I think the following things may be a security risk in mod_php, maybe allowing a
> DoS attack if your server users can use the php engine for your www pages.
>
>
> If you make a file foo.php that contains the function virtual(), pointing to
> itself, i.e. virtual(foo.php),
> at least in php 4.3.2 an infinite loop occurs that eats up all the memory
> and swap, eats all the resources, and the script is terminated with:
>
> "failed to open stream: Limit of open files reached "
>
> and
>
> Fatal error: Allowed memory size of 67108864 bytes exhausted at (null):0 (tried to allocate 4260 bytes) in Unknown on line 0
>
>
> I suggest adding a check for maximum recursion level in virtual() if
> possible and an appropriate directive in the php.ini file that can set
> this recursion level.
>
>
> Regards, NTPT
>
> PS: please excuse my bad English
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
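
The recursion-level check proposed in the thread, sketched as an added C example that is not part of the original messages and is not PHP or Apache source. The names `serve`, `lookup`, `site` and `max_depth` are hypothetical, and the page table is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not PHP or Apache source: each page may call
 * virtual() on at most one other page. */
struct page { const char *name; const char *virtual_target; };

static const struct page site[] = {      /* constructed sample site */
    { "index.php",  "header.php" },
    { "header.php", "menu.php"   },
    { "menu.php",   NULL         },
    { "foo.php",    "foo.php"    },      /* self-reference from the report */
    { "a.php",      "b.php"      },
    { "b.php",      "a.php"      },      /* indirect loop, two pages */
};

static const struct page *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof site / sizeof site[0]; i++)
        if (strcmp(site[i].name, name) == 0)
            return &site[i];
    return NULL;
}

/* Serve a page and follow its virtual() call.
 * Returns the nesting depth reached, -1 if max_depth was exceeded,
 * -2 if the page does not exist. max_depth stands in for the php.ini
 * directive proposed in the thread (assumed parameter; the thread
 * names no such setting). */
int serve(const char *name, int depth, int max_depth)
{
    if (depth > max_depth)
        return -1;            /* refuse before any work is done for this level */
    const struct page *p = lookup(name);
    if (p == NULL)
        return -2;
    if (p->virtual_target == NULL)
        return depth;         /* leaf page: chain ended normally */
    return serve(p->virtual_target, depth + 1, max_depth);
}

int main(void)
{
    const char *tests[] = { "index.php", "foo.php", "a.php" };
    for (size_t i = 0; i < 3; i++)
        printf("%-10s -> %d\n", tests[i], serve(tests[i], 0, 8));
    return 0;
}
```

A depth counter also stops the two-page loop (`a.php` and `b.php`), which a check that only compares a page against itself would miss.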