Bug #51350 [Com]: recursively including non existing file causes segfault

2010-07-14 Thread tyra3l at gmail dot com
Edit report at http://bugs.php.net/bug.php?id=51350&edit=1

 ID:   51350
 Comment by:   tyra3l at gmail dot com
 Reported by:  slogster at gmail dot com
 Summary:  recursively including non existing file causes segfault
 Status:   Bogus
 Type: Bug
 Package:  Reproducible crash
 Operating System: freebsd & linux
 PHP Version:  5.2.13

 New Comment:

afaik you need the suhosin extension for this functionality, not just
the patch. 

http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.max_depth



Tyrael


Previous Comments:

[2010-03-22 22:52:16] slogster at gmail dot com

I've tried it with Suhosin-Patch 0.9.7 and it segfaults too


[2010-03-22 21:39:15] tyra3l at gmail dot com

It should be worth reading.

could you at least give me the year for that discussion?

I think, that in this case the script should terminate by memory
exhaustion (memory_limit) or time_limit exhaustion, not with segfault.

In a managed language I shouldn't be able to do stack overflow from
userspace.

At least not this easily.


[2010-03-22 21:29:00] paj...@php.net

That's known and there is no bug per se here.



Not everything the suhosin patch does is the right thing to do to solve
a problem. As far as I remember there was a (long) discussion on
internals about this. You may find it interesting.


[2010-03-22 21:25:05] tyra3l at gmail dot com

suhosin protects against infinite recursion since 2006.

if you can crash the php engine from userland, then you can reset the
seed

http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf

page 33: attacker can get fresh seed by crashing php.

so it's not only an inconvenience, but can be a security problem also.



Tyrael


[2010-03-22 17:45:16] johan...@php.net

Recursion in PHP leads to a stack overflow for the process, which we
can't properly handle ourselves so the operating system terminates the
PHP process. This is the expected behavior.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

http://bugs.php.net/bug.php?id=51350




Bug #51350 [Com]: recursively including non existing file causes segfault

2010-03-22 Thread tyra3l at gmail dot com

 ID:   51350
 Comment by:   tyra3l at gmail dot com
 Reported by:  slogster at gmail dot com
 Summary:  recursively including non existing file causes segfault
 Status:   Bogus
 Type: Bug
 Package:  Reproducible crash
 Operating System: freebsd & linux
 PHP Version:  5.2.13

 New Comment:

It should be worth reading.

could you at least give me the year for that discussion?

I think, that in this case the script should terminate by memory
exhaustion (memory_limit) or time_limit exhaustion, not with segfault.

In a managed language I shouldn't be able to do stack overflow from
userspace.

At least not this easily.


Previous Comments:

[2010-03-22 21:29:00] paj...@php.net

That's known and there is no bug per se here.



Not everything the suhosin patch does is the right thing to do to solve
a problem. As far as I remember there was a (long) discussion on
internals about this. You may find it interesting.


[2010-03-22 21:25:05] tyra3l at gmail dot com

suhosin protects against infinite recursion since 2006.

if you can crash the php engine from userland, then you can reset the
seed

http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf

page 33: attacker can get fresh seed by crashing php.

so it's not only an inconvenience, but can be a security problem also.



Tyrael


[2010-03-22 17:45:16] johan...@php.net

Recursion in PHP leads to a stack overflow for the process, which we
can't properly handle ourselves so the operating system terminates the
PHP process. This is the expected behavior.


[2010-03-22 17:08:20] slogster at gmail dot com

Description:

function a(){include("/nofile"); a();} a();



/nofile is a non-existing file

Test script:
---
function a(){include("/nofile"); a();} a();



/nofile is a non-existing file

Expected result:

should not segfault

Actual result:
--
segfault








Bug #51350 [Com]: recursively including non existing file causes segfault

2010-03-22 Thread tyra3l at gmail dot com

 ID:   51350
 Comment by:   tyra3l at gmail dot com
 Reported by:  slogster at gmail dot com
 Summary:  recursively including non existing file causes segfault
 Status:   Bogus
 Type: Bug
 Package:  Reproducible crash
 Operating System: freebsd & linux
 PHP Version:  5.2.13

 New Comment:

suhosin protects against infinite recursion since 2006.

if you can crash the php engine from userland, then you can reset the
seed

http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf

page 33: attacker can get fresh seed by crashing php.

so it's not only an inconvenience, but can be a security problem also.



Tyrael


Previous Comments:

[2010-03-22 17:45:16] johan...@php.net

Recursion in PHP leads to a stack overflow for the process, which we
can't properly handle ourselves so the operating system terminates the
PHP process. This is the expected behavior.


[2010-03-22 17:08:20] slogster at gmail dot com

Description:

function a(){include("/nofile"); a();} a();



/nofile is a non-existing file

Test script:
---
function a(){include("/nofile"); a();} a();



/nofile is a non-existing file

Expected result:

should not segfault

Actual result:
--
segfault





