Bugtraq mailing list archives
Re: function sleep() in all versions of PHP
From: cxib () securityreason com
Date: 27 May 2008 10:44:00 -0000
Yeap. Using PHP as an in-process script interpreter grants script authors control over the httpd children. It is possible to make DoS (block all sockets/memory exe.). (more in Xploit magazin) Reason: Use PHP via a CGI interpreter with RLimit* directives. Anyone how use PHP as an in-process script interpreter, can be dangerous. Best Regards, Maksymilian Arciemowicz securityreason.com http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
Current thread:
- function sleep() in all versions of PHP gogulas (May 26)
- Re: function sleep() in all versions of PHP Mark Sanders (May 26)
- Re: function sleep() in all versions of PHP Juan Miguel - Prisma Virtual - (May 27)
- Re: function sleep() in all versions of PHP Charles Morris (May 27)
- Re: function sleep() in all versions of PHP Michael G. Reed (May 27)
- Re: function sleep() in all versions of PHP Glynn Clements (May 28)
- RE: function sleep() in all versions of PHP Michael Wojcik (May 28)
- <Possible follow-ups>
- Re: function sleep() in all versions of PHP cxib (May 27)
- Re: function sleep() in all versions of PHP Mark Sanders (May 26)