Hi.
I think following things may be a security risk in mod_php, maybe allowing a DoS attak if your server users can use php engine for your www pages.
If you make a file foo.php what contains function virtual(), pointing to itself, ie virtual(foo.php)
at least in php 4.3.2 an infinite lop occure, that eat up all the memory and swap, eat all the resouces and script is terminated with :
"failed to open stream: Limit of open files reached "
and
Fatal error: Allowed memory size of 67108864 bytes exhausted at (null):0 (tried to allocate 4260 bytes) in Unknown on line 0
I suggest to add a check for maximum recursion level in virtual() if possible and an appropriate directive into the php.ini file that can set this recursion level.
Regards, NTPT
PS: please execuse my bad english
do you have a maximum mem restriction in your php.ini?
paul
----- Original Message -----
From: "NTPT" ntpt@centrum.cz
To: internals@lists.php.net
Sent: Wednesday, June 02, 2004 9:48 AM
Subject: [PHP-DEV] virtual(), an easy way to put Apache server in spirals
down.
Hi.
I think following things may be a security risk in mod_php, maybe allowing a
DoS attak if your server users can use php engine for your www pages.
If you make a file foo.php what contains function virtual(), pointing to
itself, ie virtual(foo.php)
at least in php 4.3.2 an infinite lop occure, that eat up all the memory
and swap, eat all the resouces and script is terminated with :
"failed to open stream: Limit of open files reached "
and
Fatal error: Allowed memory size of 67108864 bytes exhausted at (null):0
(tried to allocate 4260 bytes) in Unknown on line 0
I suggest to add a check for maximum recursion level in virtual() if
possible and an appropriate directive into the php.ini file that can set
this recursion level.
Regards, NTPT
PS: please execuse my bad english
I have max execution time set to 180 and mem limit to 64 mb , there is a
3*128mb physical ram total and about 1G swap space available .
Lowering the mem limit helps a bit (take longer time and more requests
needed ), but if you do more requests (5 - 10 at
almost same time , ie click 10* reload ), situation is the same, server
start swapping and stop almost all response, until httpd processes are
killed by the kernel because exceeded memory limits .....
----- Original Message -----
From: "Paul G" paul@rusko.us
To: internals@lists.php.net
Sent: Wednesday, June 02, 2004 3:47 PM
Subject: Re: [PHP-DEV] virtual(), an easy way to put Apache server in
spirals down.
do you have a maximum mem restriction in your php.ini?
paul
----- Original Message -----
From: "NTPT" ntpt@centrum.cz
To: internals@lists.php.net
Sent: Wednesday, June 02, 2004 9:48 AM
Subject: [PHP-DEV] virtual(), an easy way to put Apache server in spirals
down.Hi.
I think following things may be a security risk in mod_php, maybe allowing
a
DoS attak if your server users can use php engine for your www pages.If you make a file foo.php what contains function virtual(), pointing
to
itself, ie virtual(foo.php)
at least in php 4.3.2 an infinite lop occure, that eat up all the memory
and swap, eat all the resouces and script is terminated with :"failed to open stream: Limit of open files reached "
and
Fatal error: Allowed memory size of 67108864 bytes exhausted at (null):0
(tried to allocate 4260 bytes) in Unknown on line 0I suggest to add a check for maximum recursion level in virtual() if
possible and an appropriate directive into the php.ini file that can set
this recursion level.Regards, NTPT
PS: please execuse my bad english