It's a default PHP installation. We aren't calling set_time_limit(). I know
it's an infinite loop, the point is that if a user wanted to attack a server
(happens every day) they would be able to use this method to take the server
Dustin E. Childers
Security Administrator. CEO, Digitux Security, Inc.
----- Original Message -----
From: "Jason Murray" <[EMAIL PROTECTED]>
To: "'Dustin E. Childers'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 17, 2002 5:04 PM
Subject: RE: [PHP] Nasty DoS in PHP
> > It does not stop after its execution time.
> Is your PHP actually configured to stop running after 30 seconds,
> though? It's the default, but you may have overridden it.
> > We have let this run for 10+ minutes to see if it would crash the
> > server, and it did.
> Is it possible you've called set_time_limit() to increase the
> script's timeout and thus allow it to run?
> > It does not affect the person that loads the code in the browser,
> > just affects the server running the code.
> Well ... yeah. This is not surprising :p :)
> Either way, the fact still remains it's an infinite loop and you
> just shouldn't write it. :)
PHP General Mailing List (http://www.php.net/)