Bugtraq mailing list archives

Re: [BUGTRAQ] PHP local DoS: self-fetching through HTTP


From: Joe Harris <cdi () thewebmasters net>
Date: Wed, 18 Jul 2001 11:33:43 -0700 (PDT)

On 18 Jul 2001, Ilya Teterin wrote:

> PHP scripting allows "opening" files through HTTP:
>
> $file=fopen("http://host/page.html","r");

I would dearly love to see the method used to test for this condition,
since, (and someone slap me if I'm wrong) this is a Turing Machine Halting
problem and is impossible to test for.
 
> If a script opens itself through HTTP, it will result in a
> DoS attack:

What is it with the recent proliferation of "vulnerabilities" that are
painfully self-evident, or worse, dependent upon write-access previously
being deliberately granted to malicious individuals? (i.e., Customers)

Any programming language or shell environment can be used to create an
infinite loop. If server resource limits permit, such loops can tear apart
the machine. If a would-be DoS attacker has write access or shell access 
to the machine, the only thing that can save you is strict resource
limits.

In Perl: http://victim/loop.cgi

  #!/usr/bin/perl
  use LWP::Simple;
  $content = get("http://victim/loop.cgi");
  ... * poof * ...


In sh or bash: (Now here's an obscure fork-bomb...)
  :(){ :|:&};:

In MSDOS batch file:
  rem Exponential file size creation.
  echo Hi There >> dummy.txt
  @ECHO OFF
  :SAYIT
  type dummy.txt >> dummy.txt
  GOTO SAYIT

We can go on like this forever of course - just like these loops can if
not stomped on by the careful application of service and user limits.

CDI

-- 
The Web Master's Net
http://www.thewebmasters.net/
Today's Excuse:
vapors from evaporating sticky-note adhesives
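
The per-process resource limits this reply points to, shown as an added example that is not part of the original post: a busy loop and an ever-growing file are both stopped by the kernel once `ulimit` caps are in place. The helper name `run_limited`, the `demo_*` functions and the limit values are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example, not code from the original post. run_limited and the demo_*
# functions are hypothetical names; the limit values are arbitrary.

# run_limited CPU_SECONDS FILE_BLOCKS COMMAND [ARGS...]
# Sets the limits in a subshell, so the caller's own limits are untouched,
# then runs COMMAND. Returns its status (above 128 if a signal killed it).
run_limited() {
  local cpu="$1" blocks="$2"
  shift 2
  (
    ulimit -c 0           # no core files when the kernel kills the process
    ulimit -t "$cpu"      # CPU seconds allowed before SIGXCPU/SIGKILL
    ulimit -f "$blocks"   # largest file it may write (1024-byte blocks in bash)
    "$@"
  )
}

# A busy loop that never exits on its own, capped at 1 CPU second.
demo_cpu_loop() {
  run_limited 1 64 sh -c 'while :; do :; done'
}

# Unbounded file growth (compare the batch file in the post), capped at 64
# blocks. Prints the final file size in bytes, returns the writer's status.
demo_file_growth() {
  local f status=0
  f=$(mktemp)
  run_limited 5 64 sh -c 'while :; do echo "Hi There" >> "$1"; done' sh "$f" \
    2>/dev/null || status=$?
  wc -c < "$f" | tr -d ' '
  rm -f "$f"
  return "$status"
}

rc=0; demo_cpu_loop 2>/dev/null || rc=$?
echo "busy loop ended with status $rc"
rc=0; size=$(demo_file_growth) || rc=$?
echo "file writer ended with status $rc, file stopped at $size bytes"
```

The same mechanism with `ulimit -u` (maximum processes per user) is what bounds the fork bomb quoted in the post.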

