do you have a maximum mem restriction in your php.ini? paul
----- Original Message ----- From: "NTPT" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 02, 2004 9:48 AM Subject: [PHP-DEV] virtual(), an easy way to put Apache server in spirals down. Hi. I think following things may be a security risk in mod_php, maybe allowing a DoS attak if your server users can use php engine for your www pages. If you make a file foo.php what contains function virtual(), pointing to itself, ie virtual(foo.php) at least in php 4.3.2 an infinite lop occure, that eat up all the memory and swap, eat all the resouces and script is terminated with : "failed to open stream: Limit of open files reached " and Fatal error: Allowed memory size of 67108864 bytes exhausted at (null):0 (tried to allocate 4260 bytes) in Unknown on line 0 I suggest to add a check for maximum recursion level in virtual() if possible and an appropriate directive into the php.ini file that can set this recursion level. Regards, NTPT PS: please execuse my bad english -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
