On 9/21/16 8:37 AM, Rowan Collins wrote:
On 21 September 2016 13:02:20 BST, Glenn Eggleton <geggl...@gmail.com> wrote:
What if we had some sort of configuration limit on collision length?


Previous discussions have come to the conclusion that the difference between 
normal collision frequency and sufficient for a DoS is so large that the only 
meaningful settings would be on or off. e.g. the proposed limit is 1000, and 
randomly inserting millions of rows produces about 12.

The problem with long running applications is not that they need to raise the 
limit, it's that they need to handle the error gracefully if they are in fact 
under attack. Because hash tables are so ubiquitous in the engine, there's no 
guarantee that that's possible, so an attacker would have the ability to crash 
the process with the limit turned on, or hang the CPU with the limit turned off.

Right. It seems like count-and-limit pushes the problem onto the user who then has to discriminate normal from malicious causes for rising counters and find appropriate actions for each.

Even a sophisticated user who understands hash collision counters may not welcome this since it adds complexity that's hard to test and involves questionable heuristics.

Tom


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to