ID: 41809
User updated by: bugs-php at misc dot lka dot org dot lu
Reported By: bugs-php at misc dot lka dot org dot lu
-Status: Feedback
+Status: Open
Bug Type: PHP options/info functions
Operating System: Linux
PHP Version: 5.2.3
New Comment:
In practice, how would one implement this?
Previous Comments:
------------------------------------------------------------------------
[2007-06-26 12:59:10] [EMAIL PROTECTED]
Something like "quota" you should be doing on the filesystem level.
Especially if you're running some hosting company or such.
------------------------------------------------------------------------
[2007-06-26 09:25:58] bugs-php at misc dot lka dot org dot lu
Description:
------------
Right now, an untrusted user can write a PHP script that seriously
impacts a server by filling up its log file.
Even the ignore_repeated_errors setting doesn't help here, if the
script alternates between two messages.
We had this happen here accidentally, using a construct such as
follows:
$fp=fopen($website,"r");
while (!feof($fp))
{
....
}
where the test whether $fp was a valid file handle was forgotten...
And log_errors_max_len didn't help either; apparently this covers the
length of an individual log entry, rather than multiple log entries
issued by the same script invocation.
In order to solve this issue, would it be possible to have one of the
following solutions:
1. A max_log_lines quota which would just stop logging if reached.
2. A max_log_lines_kill quota, which would kill the script if reached
3. Some mandatory wait after each log line, to slow down the filling
up of the log
Reproduce code:
---------------
<?php
$website="http://www.ruthe.de/strip/strip.pl";
$fp=fopen($website,"r");
// or die ("Cannot open url");
$bild="null";
while (!feof($fp))
{
    $a = ereg("img/strip_[0-9]+.jpg",fgets($fp,1024),$bild);
}
$url="http://www.ruthe.de/strip/".$bild[0];
//print "ruthe.de=$url";
fclose($fp);
?>
Expected result:
----------------
Script fails, but machine stays up
Actual result:
--------------
Apache error_log file fills up /var partition until machine crashes and
burns...
------------------------------------------------------------------------
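An added example, not code from the report or from PHP itself: the loop from the report with the forgotten handle check restored, plus a userland error handler that approximates the requested max_log_lines_kill behaviour for one request. MAX_LOG_LINES, capped_error_handler and last_strip_image are hypothetical names, and the quota of 20 is an assumed value. A handler installed by the script only guards against accidents in your own code, since an untrusted script can replace it.

```php
<?php
// Added example. MAX_LOG_LINES, capped_error_handler and last_strip_image
// are hypothetical names, not PHP settings or functions.
define('MAX_LOG_LINES', 20); // assumed per-request quota

function capped_error_handler($errno, $errstr, $errfile, $errline)
{
    static $lines = 0; // counts log lines for this request only
    if (!(error_reporting() & $errno)) {
        return true; // honour error_reporting and the @ operator
    }
    if (++$lines <= MAX_LOG_LINES) {
        error_log("PHP [$errno] $errstr in $errfile on line $errline");
        return true; // handled: PHP's own logger is skipped
    }
    // Quota reached: write one final line, then stop the script
    // (the report's max_log_lines_kill variant).
    error_log('log quota of ' . MAX_LOG_LINES . " lines reached in $errfile, aborting");
    exit(1);
}
set_error_handler('capped_error_handler');

function last_strip_image($source)
{
    $fp = fopen($source, 'r');
    if ($fp === false) {
        return null; // the handle check that was forgotten in the report
    }
    $found = null;
    // Looping on fgets() ends on EOF and on read errors alike.
    while (($line = fgets($fp, 1024)) !== false) {
        // preg_match stands in for ereg, which newer PHP no longer ships
        if (preg_match('#img/strip_[0-9]+\.jpg#', $line, $m)) {
            $found = $m[0];
        }
    }
    fclose($fp);
    return $found;
}

// Constructed sample input, written to a temp file so this runs offline.
$page = tempnam(sys_get_temp_dir(), 'strip');
file_put_contents($page, "<p>x</p>\n<img src=\"img/strip_0042.jpg\">\n");
var_dump(last_strip_image($page));              // existing file
var_dump(last_strip_image($page . '.missing')); // missing file: fopen() fails once
unlink($page);
```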