Hi,

On Wed, Jun 03, 2009 at 12:05:48PM +0200, Xiwen Cheng wrote:
> Dear all,
> 
> [...]
> 
> It appears that buggy CGI scripts, in this scenario a program that loops
> infinitely, will continue execution even if the connection is closed. I
> wonder if this is a known issue. If so, is there a fix or workaround?

This can't be a bug in suPHP. At best it is a bug in Apache, and I am
sure it is not. Killing a process might have dangerous endings, like
half-finished jobs. Is it better to finish something while the client's
connection is closed without sending the result, or to kill something
which is not finished yet? I guess it's better to let the script
finish ;-)


> I discovered this after Apache locked up several times while running out
> of threads. This was visualized in our monitoring system. In an attempt
> to recreate the scenario, I thought it might be related to scripts
> being executed infinitely. But I don't think that is the case, as the
> effects of my discovery differ from the original observations. There
> are similarities, like threads being in use while the client terminated
> the connection already. [anybody came across this??]

Personally I use a tiny piece of home-made software to kill processes in
this situation.


> Back on the bug I am reporting: I think it is pretty serious as any user
> could trigger a DoS. Malicious outsiders should not be excluded. 
> 
> Reproduce
> ---------
> setup apache + suPHP
> create a cgi script within the docroot:
>       #!/bin/sh
>       while [ 1 ]; do
>               sleep 60
>       done
> 
> Execute the script through Apache (from a webbrowser).
> On the client terminate the connection
> Verify the script is still running on the webserver.
> 
> 
> Not affected
> ------------
> php scripts (regulated by php.ini)

Actually they are "affected" too, you could try a sleep(3600);, PHP only 
checks for execution time after each (core?) function.


> Affected
> --------
> suspect all non-php scripts or programs
> 
> I hope I've provided enough information. 


Hope I helped ;)

Sylvain
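
The following is an added example, not part of the original messages and not the poster's own tool: a report-only check that lists CGI children of the web server which have run longer than a limit, the situation the reproduction script creates. It assumes Linux procps (`ps` with the `etimes` field), server process names `apache2`/`httpd`, and a 300-second limit; the process list in `sample_ps` is constructed.

```shell
#!/bin/sh
# Added example: find CGI children of the web server that outlived a time limit.
# Input on stdin, one process per line: PID PPID ELAPSED_SECONDS COMMAND
# (the format printed on Linux by: ps -eo pid=,ppid=,etimes=,comm=)

# stale_cgi_pids MAX_SECONDS SERVER_NAME...
# Prints the PID of every process whose parent is a server process, which is
# not itself a server worker, and which has been running longer than MAX_SECONDS.
stale_cgi_pids() {
    max=$1; shift
    awk -v max="$max" -v servers="$*" '
        BEGIN { n = split(servers, s, " ")
                for (i = 1; i <= n; i++) is_server[s[i]] = 1 }
        { pid[NR] = $1; ppid[NR] = $2; age[NR] = $3; comm[NR] = $4
          if ($4 in is_server) server_pid[$1] = 1 }
        END {
            for (i = 1; i <= NR; i++)
                if ((ppid[i] in server_pid) && !(comm[i] in is_server) &&
                    age[i] + 0 > max + 0)
                    print pid[i]
        }'
}

# Constructed sample: PID 250 is the looping /bin/sh CGI from the report,
# 251 is its current "sleep 60", 260 is a short-lived PHP request.
sample_ps() {
cat <<'EOF'
  100     1 86400 apache2
  101   100  7200 apache2
  102   100  7200 apache2
  250   101  3700 sh
  251   250    40 sleep
  260   102     2 php-cgi
  300     1  9000 sshd
EOF
}

# Demonstration on the constructed sample.
# On a live host: ps -eo pid=,ppid=,etimes=,comm= | stale_cgi_pids 300 apache2 httpd
sample_ps | stale_cgi_pids 300 apache2 httpd
```

The function only reports PIDs; whether to signal them is left to the operator, given the concern about half-finished jobs raised in the reply.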


_______________________________________________
suPHP mailing list
suPHP@lists.marsching.biz
http://lists.marsching.com/mailman/listinfo/suphp
