Dear all,

I have discovered something very peculiar in our suPHP/Apache2 setup. We
have two servers running Gentoo with the following installed (and their
USE flags; I stripped out the irrelevant ones):
www-apache/mod_suphp-0.6.3 mode-owner
www-servers/apache-2.2.10 apache2_mpms_prefork

It appears that buggy CGI scripts, in this scenario a program that loops
infinitely, will continue execution even after the connection is closed.
I wonder if this is a known issue. If so, is there a fix or workaround?

I discovered this after Apache locked up several times while running out
of threads. This was visible in our monitoring system. In an attempt at
recreating the scenario, I thought it might be related to scripts
being executed infinitely. But I don't think that is the case, as the
effects of my discovery differ from the original observations. There
are similarities, like threads being in use after the client had already
terminated the connection. [Has anybody come across this?]

Back to the bug I am reporting: I think it is pretty serious, as any user
could trigger a DoS. Malicious outsiders should not be excluded.

Reproduce
---------
Set up Apache + suPHP.
Create a CGI script within the docroot:
        #!/bin/sh
        while [ 1 ]; do
                sleep 60
        done

Execute the script through Apache (from a web browser).
On the client, terminate the connection.
Verify that the script is still running on the web server.


Not affected
------------
PHP scripts (regulated by php.ini)

Affected
--------
Suspected: all non-PHP scripts or programs

I hope I've provided enough information. 

-- 
Xiwen Cheng
System Administrator            ;" Enthusiasm is contagious,
Mathematical Institute          ;  but hype is a disease. "
Leiden University               ;E-mail: xch...@math.leidenuniv.nl
Niels Bohrweg 1 K210            ;Office: (+31) 715277134
2333 CA Leiden                  ;Mobile: (+31) 611119991
The Netherlands                 ;GPG Key id: 194F572B
++


_______________________________________________
suPHP mailing list
suPHP@lists.marsching.biz
http://lists.marsching.com/mailman/listinfo/suphp
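As an added example (not code from the original post or from the suPHP project), here is a POSIX sh wrapper that bounds how long a CGI program may run. It does not make the script notice that the client went away; it only caps the damage a runaway script can do by terminating it after a fixed wall-clock limit, which is the workaround a practitioner would reach for while the underlying behaviour is investigated. The two demo functions, the use of exit status 124 for "killed for exceeding the limit" (borrowed from coreutils' timeout(1)) and the shortened 1-second loop are assumptions of this example.

```sh
#!/bin/sh
# Added example; not code from the original post or from the suPHP
# project. A POSIX sh wrapper that runs a CGI program under a hard
# wall-clock limit, so a script that loops forever cannot hold an
# Apache worker indefinitely after the client has disconnected.
# Assumes only POSIX sh with sleep(1), kill(1) and the wait builtin.

# run_with_limit SECONDS CMD [ARG...]
# Runs CMD with its arguments; if it is still running after SECONDS it
# is sent SIGTERM. Returns CMD's own exit status, or 124 when it was
# killed for exceeding the limit (the convention coreutils timeout(1)
# uses, chosen here so callers can tell the two cases apart).
run_with_limit() {
    _limit=$1
    shift

    # Start the CGI program in the background so we can supervise it.
    "$@" &
    _pid=$!

    # Watchdog: sleep for the limit, then terminate the program if it
    # is still there. This signals only the program's own PID; a real
    # deployment would start the CGI in its own process group (setsid)
    # and signal the whole group so its children die too.
    ( sleep "$_limit"; kill -TERM "$_pid" 2>/dev/null ) &
    _watchdog=$!

    # Wait for the program; capture its status without tripping set -e.
    if wait "$_pid"; then _status=0; else _status=$?; fi

    # The program is gone, one way or the other: stop and reap the
    # watchdog so it cannot signal a recycled PID later.
    kill -TERM "$_watchdog" 2>/dev/null || :
    wait "$_watchdog" 2>/dev/null || :

    # 143 = 128 + SIGTERM: the program was killed by the watchdog.
    if [ "$_status" -eq 143 ]; then
        return 124
    fi
    return "$_status"
}

# The runaway script from the report, with the sleep shortened to one
# second so the demonstration finishes quickly: it is killed after the
# 1-second limit and the wrapper reports 124.
demo_runaway() {
    run_with_limit 1 sh -c 'while [ 1 ]; do sleep 1; done'
}

# A well-behaved CGI program that emits a header and a body and exits;
# it finishes long before the limit and its status (0) is passed through.
demo_wellbehaved() {
    run_with_limit 3 sh -c 'printf "Content-Type: text/plain\r\n\r\nhello\n"'
}
```

To use it in practice you would point the CGI handler at the wrapper (or at `timeout(1)` / `ulimit -t`, which do the same job on Linux) rather than at the script directly. The caveat stands: Apache still holds the worker for the full limit after the client disconnects, so pick a limit that matches your longest legitimate CGI request, and note that killing only the script's PID leaves any grandchildren (such as a running `sleep`) behind until they exit on their own.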