php.ini: memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
That is in there, I execute the code from a browser. ps aux: nobody 60155 84.6 16.8 88644 87424 ?? R 5:15PM 0:23.23 /www/bin/httpd using 84.6% of CPU and 16.8% of Memory. Dustin E. Childers Security Administrator. CEO, Digitux Security, Inc. http://www.digitux.net/ ----- Original Message ----- From: "Rasmus Lerdorf" <[EMAIL PROTECTED]> To: "Dustin E. Childers" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 12:58 PM Subject: Re: [PHP] Nasty DoS in PHP > Turn on the memory-limit option > > On Wed, 17 Apr 2002, Dustin E. Childers wrote: > > > Hello. > > > > I have found something interesting that can kill the server. I'm not sure if this is because of Apache or PHP. If you use PHP to send a header() inside of a while loop, the httpd process will begin to use massive CPU and Memory until it is killed, or the server is killed. Here is what I used: > > > > <? > > while(0<1) { > > header("A"); > > } > > ?> > > > > We have tested this on apache 1.3.22, and apache 2.0.35, using php 4.1.2 and 4.2.0RC4. It was able to completly kill our servers (not apache, the entire server). The loads of the server will reach 50+. I have contacted apache about this and they said that it is PHP related. > > > > Dustin E. Childers > > Security Administrator. CEO, Digitux Security, Inc. > > http://www.digitux.net/ > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
