php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #58934 Sandboxes should inherit parent's INI settings.
Submitted: 2009-11-05 03:07 UTC Modified: 2021-05-10 15:08 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: darrin dot nix at gmail dot com Assigned: cmb (profile)
Status: Closed Package: runkit (PECL)
PHP Version: All OS: All
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: darrin dot nix at gmail dot com
New email:
PHP Version: OS:

 

 [2009-11-05 03:07 UTC] darrin dot nix at gmail dot com 
Description:
------------
It is easy for a malicious user to put the sandbox into an 
infinite loop that will consume all system resources.  

Typically, max_execution_time and set_time_limit can keep 
these loops from taking down the server.  However, runkit 
ignores these settings.

Reproduce code:
---------------
<?php

// Infinite loop.  Run at your own risk
set_time_limit(5);

for($x=0; $x>0; $x++){
    $$x = rand() * rand();
}

?>
&#8203;

Expected result:
----------------
Die with error after 5 seconds: time limit exceeded.

Actual result:
--------------
Continuous execution that consumes max resources.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-02-23 14:09 UTC] pollita@php.net 
There's no use of runkit in your repro code, so I'm going to assume from your 
description that you intended to imply something like:

<?php
set_time_limit(5);

$php = new Runkit_Sandbox();
$php->eval("for($x=0; $x>0; $x++){
    $$x = rand() * rand();
}");

In which case the behavior is as-expected since the time limit was set in the 
parent context and the parent context isn't the one which is executing.  I 
realize this is a little non-intuitive, so I'll consider adding a loop to 
inherit all current INI settings from the parent's context.
 [2013-02-23 14:10 UTC] pollita@php.net
-Summary: Ignores timeout settings +Summary: Sandboxes should inherit parent's INI settings. -Type: Bug +Type: Feature/Change Request -Operating System: Windows +Operating System: All -PHP Version: 5.3.0 +PHP Version: All -Assigned To: +Assigned To: pollita
 [2017-10-24 06:23 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: pollita +Assigned To:
 [2021-05-10 15:08 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-05-10 15:08 UTC] cmb@php.net 
I'm closing this ticket, since the proper place to report runkit
related issues is <https://github.com/zenovich/runkit/issues>.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 16:01:28 2024 UTC