Dear all,

I have discovered something very peculiar in our suPHP-Apache2 setup. We have two servers running Gentoo with the following installed (and their useflags, I stripped out irrelevant useflags):

www-apache/mod_suphp-0.6.3 mode-owner
www-servers/apache-2.2.10 apache2_mpms_prefork

It appears that buggy CGI scripts, in this scenario a program that loops infinitely, will continue execution even if the connection is closed. I wonder if this is a known issue. If so, is there a fix or workaround?

I discovered this after Apache locked up several times while running out of threads. This was visualized in our monitoring system. In an attempt to recreate the scenario, I thought it might be related to scripts being executed infinitely. But I don't think that is the case, as the effects of my discovery differ from the original observations. There are similarities, like threads being in use while the client has already terminated the connection. [Has anybody come across this?]

Back to the bug I am reporting: I think it is pretty serious, as any user could trigger a DoS. Malicious outsiders should not be excluded.

Reproduce
---------
Set up Apache + suPHP.
Create a CGI script within the docroot:

    #!/bin/sh
    while [ 1 ]; do
        sleep 60
    done

Execute the script through Apache (from a web browser).
On the client, terminate the connection.
Verify the script is still running on the web server.

Not affected
------------
PHP scripts (regulated by php.ini)

Affected
--------
Suspect all non-PHP scripts or programs

I hope I've provided enough information.

--
--
Xiwen Cheng
System Administrator    ;" Enthusiasm is contagious,
Mathematical Institute  ;  but hype is a disease. "
Leiden University       ;E-mail: xch...@math.leidenuniv.nl
Niels Bohrweg 1 K210    ;Office: (+31) 715277134
2333 CA Leiden          ;Mobile: (+31) 611119991
The Netherlands         ;GPG Key id: 194F572B
++
_______________________________________________
suPHP mailing list
suPHP@lists.marsching.biz
http://lists.marsching.com/mailman/listinfo/suphp
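
One way to spot the leftover processes this report describes, as an added example that is not part of the original post: it parses `ps -eo pid,ppid,user,etime,args` output and lists commands under the docroot that have been running longer than a limit. The docroot path, the 300-second limit and the sample process list are constructed assumptions.

```python
import re

DOCROOT = "/var/www/"   # assumption: CGI scripts live under this docroot
MAX_AGE = 300           # assumption: longest a CGI request may run, in seconds

# Constructed sample of `ps -eo pid,ppid,user,etime,args` output.
SAMPLE_PS = """\
  PID  PPID USER         ELAPSED COMMAND
 2101     1 root     12-03:14:07 /usr/sbin/apache2 -k start
 2150  2101 apache      02:11:40 /usr/sbin/apache2 -k start
 4711  2150 alice       01:58:12 /bin/sh /var/www/alice/htdocs/loop.cgi
 4720  4711 alice          00:41 sleep 60
 4802  2150 bob            00:03 /usr/bin/perl /var/www/bob/htdocs/form.cgi
"""

# ps prints elapsed time as [[DD-]hh:]mm:ss
ETIME = re.compile(r"^(?:(?:(\d+)-)?(\d+):)?(\d+):(\d+)$")


def etime_to_seconds(text):
    """Convert a ps ELAPSED field to seconds."""
    match = ETIME.match(text)
    if not match:
        raise ValueError("unrecognised etime field: %r" % text)
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def stale_cgi(ps_text, docroot=DOCROOT, max_age=MAX_AGE):
    """Return (pid, user, age_seconds, args) for docroot commands older than max_age."""
    hits = []
    for line in ps_text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 4)
        if len(fields) < 5:
            continue
        pid, _ppid, user, etime, args = fields
        age = etime_to_seconds(etime)
        # A script run via its shebang shows up as "<interpreter> <script path>".
        in_docroot = any(tok.startswith(docroot) for tok in args.split())
        if in_docroot and age > max_age:
            hits.append((int(pid), user, age, args))
    return hits


if __name__ == "__main__":
    for pid, user, age, args in stale_cgi(SAMPLE_PS):
        print("pid=%d user=%s age=%ds cmd=%s" % (pid, user, age, args))
```

On a live server the same function can be fed the real `ps` output, for example from a cron job that reports its findings to the monitoring system.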