Bug #51350 [Com]: recursively including non existing file causes segfault
Edit report at http://bugs.php.net/bug.php?id=51350&edit=1 ID: 51350 Comment by: tyra3l at gmail dot com Reported by: slogster at gmail dot com Summary: recursively including non existing file causes segfault Status: Bogus Type: Bug Package: Reproducible crash Operating System: freebsd & linux PHP Version: 5.2.13 New Comment: afaik you need the suhosin extension for this functionality, not just the patch. http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.max_depth Tyrael Previous Comments: [2010-03-22 22:52:16] slogster at gmail dot com I've tried it with Suhosin-Patch 0.9.7 and it segfaults too [2010-03-22 21:39:15] tyra3l at gmail dot com should worth to reading it. could you at least give me the year for that discussion? I think, that in this case the script should terminate by memory exhaustion (memory_limit) or time_limit exhaustion, not with segfault. In a managed language I shouldn't be able to do stack overflow from userspace. At least not this easily. [2010-03-22 21:29:00] paj...@php.net That's known and there is no bug per se here. Not everything the suhosin patch does is the right thing to do to solve a problem. As far as I remember there was a (long) discussion on internals about this. You may find it interesting. [2010-03-22 21:25:05] tyra3l at gmail dot com suhosin protects against infinite recursion since 2006. if you can crash the php engine from userland, then you can reset the seed http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf page 33: attacker can get fresh seed by crashing php. so its not only an inconvinience, but can be a security problem also. Tyrael [2010-03-22 17:45:16] johan...@php.net Recusrion in PHP leads to a stack overflow for the process, which we can't properly handle ourselves so the operating system terminates the PHP process. This is the expected behavior. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=51350 -- Edit this bug report at http://bugs.php.net/bug.php?id=51350&edit=1
Bug #51350 [Com]: recursively including non existing file causes segfault
Edit report at http://bugs.php.net/bug.php?id=51350&edit=1 ID: 51350 Comment by: tyra3l at gmail dot com Reported by: slogster at gmail dot com Summary: recursively including non existing file causes segfault Status: Bogus Type: Bug Package: Reproducible crash Operating System: freebsd & linux PHP Version: 5.2.13 New Comment: should worth to reading it. could you at least give me the year for that discussion? I think, that in this case the script should terminate by memory exhaustion (memory_limit) or time_limit exhaustion, not with segfault. In a managed language I shouldn't be able to do stack overflow from userspace. At least not this easily. Previous Comments: [2010-03-22 21:29:00] paj...@php.net That's known and there is no bug per se here. Not everything the suhosin patch does is the right thing to do to solve a problem. As far as I remember there was a (long) discussion on internals about this. You may find it interesting. [2010-03-22 21:25:05] tyra3l at gmail dot com suhosin protects against infinite recursion since 2006. if you can crash the php engine from userland, then you can reset the seed http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf page 33: attacker can get fresh seed by crashing php. so its not only an inconvinience, but can be a security problem also. Tyrael [2010-03-22 17:45:16] johan...@php.net Recusrion in PHP leads to a stack overflow for the process, which we can't properly handle ourselves so the operating system terminates the PHP process. This is the expected behavior. [2010-03-22 17:08:20] slogster at gmail dot com Description: function a(){include("/nofile"); a();} a(); /nofine is non existing file Test script: --- function a(){include("/nofile"); a();} a(); /nofile is non existing file Expected result: should not segfault Actual result: -- segfault -- Edit this bug report at http://bugs.php.net/bug.php?id=51350&edit=1
Bug #51350 [Com]: recursively including non existing file causes segfault
Edit report at http://bugs.php.net/bug.php?id=51350&edit=1 ID: 51350 Comment by: tyra3l at gmail dot com Reported by: slogster at gmail dot com Summary: recursively including non existing file causes segfault Status: Bogus Type: Bug Package: Reproducible crash Operating System: freebsd & linux PHP Version: 5.2.13 New Comment: suhosin protects against infinite recursion since 2006. if you can crash the php engine from userland, then you can reset the seed http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf page 33: attacker can get fresh seed by crashing php. so its not only an inconvinience, but can be a security problem also. Tyrael Previous Comments: [2010-03-22 17:45:16] johan...@php.net Recusrion in PHP leads to a stack overflow for the process, which we can't properly handle ourselves so the operating system terminates the PHP process. This is the expected behavior. [2010-03-22 17:08:20] slogster at gmail dot com Description: function a(){include("/nofile"); a();} a(); /nofine is non existing file Test script: --- function a(){include("/nofile"); a();} a(); /nofile is non existing file Expected result: should not segfault Actual result: -- segfault -- Edit this bug report at http://bugs.php.net/bug.php?id=51350&edit=1