Actually, it occurs on Solaris as well. I just coded up the script, and it brought my server to its knees, though I was able to break it before it hanged hard.
My configuration: * Solaris 8 108528-12 * PHP 4.1.1 as an executable (didn't try through Apache) * 512mb ram, 1 @ 440MHx UltraSPARC IIi My php.ini specifies: * max_execution_time = 120 * memory_limit = 128M Yet, I let the script run for a while (over two minutes) and it had managed to consume 80% of my cpu time and over one gig of virtual memory (phys + swap)! It should be noted that while this is indeed a "very bad thing," the following snippet of C code is just as bad, yet it's not technically a bug -- just bad programming: int main(void) { void *p; while (1) p = malloc(1024); /*NOTREACHED*/ return 0; } /bsh/ Jason Murray wrote: >>I'd be interested in knowing your versions and the versions >>of the first guy that posted about this. Maybe he has the same >>setup as me, or close enough, but both of us are different >>from you. > > > Actually, I just thought about it - maybe you guys are both running > it on Windows (shame on you ;)). > > I *have* actually seen PHP bring down IIS with a setcookie command. > Since a setcookie issues headers, I thought "fine, screw you, I'll > set the headers myself", and it STILL brought IIS down. And indeed, > the load *did* skyrocket and require a reboot of the server. > > I asked around here at the time if anyone had experienced this (look > through the mailing list archive to find it) and at the time got > more of a congratulatory salute from the list members than any real > responses :) > > Maybe this is more of a PHP-on-IIS issue than an actual security > issue in PHP. > > Jason > -- /---------------------------------------------=[ BILLY S HALSEY ]=--\ | Member of Technical Staff, Sun Microsystems, Inc. ESP Solaris SW | | "All opinions and technical advice offered in this message are my | | own and not necessarily endorsed by my employer." | \--=[ [EMAIL PROTECTED] ]=--------------------------------------------/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php