Just catching up on my emails and saw this thread.
Just a note that it didn't happen under
FreeBSD 4.5-R p3
PHP 4.1.2 (Apache module)
386M Ram, PIII 450 box
Advertising
The script died after the max_time setting, and apache's children
returned back to their happy go lucky nature all by themselves...
Billy S Halsey wrote:
> Actually, it occurs on Solaris as well. I just coded up the script,
> and it brought my server to its knees, though I was able to break it
> before it hanged hard.
>
> My configuration:
>
> * Solaris 8 108528-12
> * PHP 4.1.1 as an executable (didn't try through Apache)
> * 512mb ram, 1 @ 440MHx UltraSPARC IIi
>
> My php.ini specifies:
>
> * max_execution_time = 120
> * memory_limit = 128M
>
> Yet, I let the script run for a while (over two minutes) and it had
> managed to consume 80% of my cpu time and over one gig of virtual
> memory (phys + swap)!
>
> It should be noted that while this is indeed a "very bad thing," the
> following snippet of C code is just as bad, yet it's not technically a
> bug -- just bad programming:
>
> int main(void)
> {
> void *p;
> while (1)
> p = malloc(1024);
> /*NOTREACHED*/
> return 0;
> }
>
> /bsh/
>
> Jason Murray wrote:
>
>>> I'd be interested in knowing your versions and the versions of the
>>> first guy that posted about this. Maybe he has the same setup as me,
>>> or close enough, but both of us are different from you.
>>
>>
>>
>> Actually, I just thought about it - maybe you guys are both running
>> it on Windows (shame on you ;)).
>>
>> I *have* actually seen PHP bring down IIS with a setcookie command.
>> Since a setcookie issues headers, I thought "fine, screw you, I'll
>> set the headers myself", and it STILL brought IIS down. And indeed,
>> the load *did* skyrocket and require a reboot of the server.
>>
>> I asked around here at the time if anyone had experienced this (look
>> through the mailing list archive to find it) and at the time got
>> more of a congratulatory salute from the list members than any real
>> responses :)
>>
>> Maybe this is more of a PHP-on-IIS issue than an actual security
>> issue in PHP.
>>
>> Jason
>>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php