From: mdon at names dot co dot uk
Operating system: CentOS 4.2
PHP version: 4.4.2
PHP Bug Type: CGI related
Bug description: Fork bomb with system() and exec()
Description:
------------
Forking a process to run a second PHP script using
system() or exec() creates a fork bomb in the CGI version of
PHP 4.4.2. This appears to be due to the
$PATH_TRANSLATED environment variable not being cleared
correctly and is reproducible from the command line.
Reproduce code:
---------------
test1.php:
<?php system("php -q test2.php")?>
test2.php:
<?php echo "hello, i'm test2.php\n"?>
Expected result:
----------------
When test1.php is run via a web server or from the
command line, I would expect to just see the output of
test2.php.
Actual result:
--------------
Running test1.php via a web server (Zeus 4.3r2 in our
case) creates a fork bomb, which looks like this in ps:
17522 2:49 \_ zeus.cgi
16666 0:00 | \_ php
16668 0:00 | | \_ php -q test2.php
16670 0:00 | | \_ php -q test2.php
16672 0:00 | | \_ php -q test2.php
16674 0:00 | | \_ php -q test2.php
16676 0:00 | | \_ php -q test2.php
...etc...
With some help from the Zeus developers, we have
determined that this appears to be due to the
$PATH_TRANSLATED environment variable not being cleared
correctly. This can be replicated from the command line
as follows:
export PATH_TRANSLATED="test1.php"; php test1.php
PHP was configured with the following options:
./configure --prefix=/usr/local --enable-bcmath --with-freetype-dir
  --enable-ftp --with-mysql=/usr --with-mssql=/usr/local
  --with-mcrypt=/usr/local/lib/libmcrypt --with-zlib-dir=/usr/local
  --with-pspell --with-curl --with-imap=/usr/local/imap-2002e --with-gd
  --with-jpeg-dir --with-png-dir --with-libdir=/usr/lib --with-ttf
  --with-xml --enable-xslt --with-xslt-sablot --with-sablot-js
  --enable-mbstring --with-config-file-path=/usr/local/bin --with-pear
  --with-openssl
--
Edit bug report at http://bugs.php.net/?id=37679&edit=1
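
Added example (not part of the original report and not PHP's own code): a POSIX shell wrapper that starts a child command with the CGI request variables removed, including the PATH_TRANSLATED variable the report identifies, and that refuses to nest past a fixed depth. The names run_clean, SPAWN_DEPTH and MAX_SPAWN_DEPTH and the limit of 3 are assumptions of this example; that scrubbing the environment avoids the loop on PHP 4.4.2 is assumed from the report's diagnosis.

```shell
#!/bin/sh
# Added example, not code from the bug report or from PHP.
# Run a child command with CGI request metadata removed from its environment,
# and refuse to nest deeper than a fixed limit so that a mis-dispatched child
# cannot recurse without bound.

# Request-scoped variables a CGI server sets: CGI/1.1 meta-variables plus
# common server additions such as SCRIPT_FILENAME and REDIRECT_STATUS.
CGI_VARS="PATH_TRANSLATED PATH_INFO SCRIPT_NAME SCRIPT_FILENAME QUERY_STRING \
REQUEST_METHOD REQUEST_URI GATEWAY_INTERFACE REDIRECT_STATUS CONTENT_TYPE \
CONTENT_LENGTH"

# Hypothetical guard limit; SPAWN_DEPTH is a variable invented for this example.
MAX_SPAWN_DEPTH=3

run_clean() {
    depth=${SPAWN_DEPTH:-0}
    # Treat a missing or non-numeric counter as depth 0.
    case $depth in ''|*[!0-9]*) depth=0 ;; esac
    if [ "$depth" -ge "$MAX_SPAWN_DEPTH" ]; then
        echo "run_clean: nesting limit $MAX_SPAWN_DEPTH reached, not running: $*" >&2
        return 70
    fi
    (
        # The subshell keeps the caller's own environment untouched.
        for v in $CGI_VARS; do unset "$v"; done
        # Forwarded request headers (HTTP_*) are request-scoped too.
        for v in $(env | sed -n 's/^\(HTTP_[A-Za-z0-9_]*\)=.*/\1/p'); do
            unset "$v"
        done
        SPAWN_DEPTH=$((depth + 1)); export SPAWN_DEPTH
        exec "$@"
    )
}

# Stand-alone use: ./run_clean.sh php -q test2.php
if [ "$#" -gt 0 ]; then
    run_clean "$@"
fi
```

The wrapper returns the child's exit status, or 70 when the nesting limit stops it from starting a child.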