httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Apache 2 + PHP5 + broken script = memory exhaustion
Date Tue, 08 Feb 2005 12:45:15 GMT
On Tuesday 08 February 2005 03:24, Sander Holthaus - Orange XL wrote:

> Out of memory during "large" request for 134221824 bytes, total sbrk() is
> 134369280 bytes.

That looks like an underlying attempt to allocate (some uninitialised var)
number of bytes.  Which looks much more like brokenness in PHP itself
than in some scripts.  But of course, ICBW.

>  But still, how can an php-script cause
> so many problems, basically dos'ing the box?

A simple program:
int main() {
  while (1) {
    void* x = malloc(12345) ;
  }
  return 0;
}
will DOS any machine it runs on, unless the underlying OS protects itself
(e.g. with ulimit on unix/linux family boxes).

> What are my options to make Apache 2 and PHP 5 foolproof against broken or
> rogue scripts?

Since you're running PHP as a module, it inherits Apache's resources and 
privileges.   So you have to put limits on Apache.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message