Actually, it occurs on Solaris as well. I just coded up the script, and 
it brought my server to its knees, though I was able to break it before 
it hung hard.

My configuration:

  * Solaris 8 108528-12
  * PHP 4.1.1 as an executable (didn't try through Apache)
  * 512 MB RAM, 1 @ 440MHz UltraSPARC IIi

My php.ini specifies:

  * max_execution_time = 120
  * memory_limit = 128M

Yet, I let the script run for a while (over two minutes) and it had 
managed to consume 80% of my CPU time and over one gig of virtual memory 
(phys + swap)!

It should be noted that while this is indeed a "very bad thing," the 
following snippet of C code is just as bad, yet it's not technically a 
bug -- just bad programming:

#include <stdlib.h>

int main(void)
{
    void *p;
    /* allocates 1 KB per iteration and never frees it */
    while (1)
       p = malloc(1024);
    /*NOTREACHED*/
    return 0;
}

/bsh/

Jason Murray wrote:
>>I'd be interested in knowing your versions and the versions 
>>of the first guy that posted about this. Maybe he has the same 
>>setup as me, or close enough, but both of us are different 
>>from you. 
> 
> 
> Actually, I just thought about it - maybe you guys are both running
> it on Windows (shame on you ;)).
> 
> I *have* actually seen PHP bring down IIS with a setcookie command.
> Since a setcookie issues headers, I thought "fine, screw you, I'll
> set the headers myself", and it STILL brought IIS down. And indeed,
> the load *did* skyrocket and require a reboot of the server.
> 
> I asked around here at the time if anyone had experienced this (look
> through the mailing list archive to find it) and at the time got
> more of a congratulatory salute from the list members than any real
> responses :)
> 
> Maybe this is more of a PHP-on-IIS issue than an actual security
> issue in PHP.
> 
> Jason
> 


-- 


/---------------------------------------------=[ BILLY S HALSEY ]=--\
| Member of Technical Staff, Sun Microsystems, Inc. ESP Solaris SW  |
| "All opinions and technical advice offered in this message are my |
| own and not necessarily endorsed by my employer."                 |
\--=[ [EMAIL PROTECTED] ]=--------------------------------------------/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
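
Added example, not part of the original message or of PHP: the same 1 KB malloc() loop run in a child process whose address space is capped with setrlimit(RLIMIT_AS), so the allocation is refused by the OS instead of eating into swap. The function name, the 64 MiB limit and the safety cap are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHUNK 1024L                      /* same size as the loop in the message */
#define SAFETY_CAP (256L * 1024 * 1024)  /* stop anyway if the limit is not enforced */

/* Fork a child, cap its address space at limit_bytes, run the leak loop there.
 * Returns bytes the child obtained before malloc() failed, or -1 on error. */
long run_leak_under_limit(long limit_bytes)
{
    int fds[2];
    long total = -1;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child: the only process that is limited */
        struct rlimit rl = { (rlim_t)limit_bytes, (rlim_t)limit_bytes };
        long got = 0;
        close(fds[0]);
        if (setrlimit(RLIMIT_AS, &rl) != 0) _exit(2);
        while (got < SAFETY_CAP) {
            volatile char *p = malloc(CHUNK);
            if (p == NULL)               /* limit reached: allocation is refused */
                break;
            p[0] = 1;                    /* touch it so the call is not optimized out */
            got += CHUNK;
        }
        if (write(fds[1], &got, sizeof got) != (ssize_t)sizeof got)
            _exit(3);
        _exit(0);
    }
    close(fds[1]);
    if (read(fds[0], &total, sizeof total) != (ssize_t)sizeof total)
        total = -1;                      /* child died or could not set the limit */
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return total;
}

int main(void)
{
    long got = run_leak_under_limit(64L * 1024 * 1024);   /* 64 MiB: assumed value */
    printf("child stopped after %ld bytes\n", got);
    return got > 0 ? 0 : 1;
}
```

The limit is applied only inside the child, so the parent (a shell, a wrapper, or a server spawning a CGI interpreter) keeps running when the allocation loop hits the ceiling.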
