Bug #37679 Fork bomb with system() and exec()
Submitted: 2006-06-02 13:59 UTC Modified: 2006-06-04 09:21 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: mdon at names dot co dot uk Assigned:
Status: Not a bug Package: CGI/CLI related
PHP Version: 4.4.2 OS: CentOS 4.2
Private report: No CVE-ID: None
 [2006-06-02 13:59 UTC] mdon at names dot co dot uk
Description:
------------
Forking a process to run a second PHP script using 
system() or exec() creates a fork bomb in CGI version of 
PHP 4.4.2. This appears to be due to the 
$PATH_TRANSLATED environment variable not being cleared 
correctly and is reproducible from the command line.

Reproduce code:
---------------
test1.php:
<?php system("php -q test2.php")?>

test2.php:
<?php echo "hello, i'm test2.php\n"?>

Expected result:
----------------
When test1.php is run via a web server or from the 
command line, I would expect to just see the output of 
test2.php.



Actual result:
--------------
Running test1.php via a web server (Zeus 4.3r2 in our 
case) creates a fork bomb, which looks like this in ps:

17522 2:49  \_ zeus.cgi
16666 0:00  |   \_ php
16668 0:00  |   |   \_ php -q test2.php
16670 0:00  |   |       \_ php -q test2.php
16672 0:00  |   |           \_ php -q test2.php
16674 0:00  |   |               \_ php -q test2.php
16676 0:00  |   |                   \_ php -q test2.php

...etc...

With some help from the Zeus developers, we have 
determined that this appears to be due to the 
$PATH_TRANSLATED environment variable not being cleared 
correctly. This can be replicated from the command line 
as follows:

export PATH_TRANSLATED="test1.php"; php test1.php

PHP was configured with the following options:

./configure --prefix=/usr/local --enable-bcmath --with-freetype-dir \
  --enable-ftp --with-mysql=/usr --with-mssql=/usr/local \
  --with-mcrypt=/usr/local/lib/libmcrypt --with-zlib-dir=/usr/local \
  --with-pspell --with-curl --with-imap=/usr/local/imap-2002e --with-gd \
  --with-jpeg-dir --with-png-dir --with-libdir=/usr/lib --with-ttf \
  --with-xml --enable-xslt --with-xslt-sablot --with-sablot-js \
  --enable-mbstring --with-config-file-path=/usr/local/bin --with-pear \
  --with-openssl

 [2006-06-04 09:21 UTC] edink@php.net
This is expected behaviour of the cgi sapi. You are supposed to use the cli version of PHP to execute command line scripts. Avoiding problems like this was one of the reasons the cli version of PHP was made in the first place.
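
A defensive wrapper for the situation in this report, as an added example that is not part of the bug report or of PHP's own code: it checks which SAPI a `php` binary reports before it is used for command-line work, and starts child processes with the CGI request variables removed. The function names are hypothetical, and the variable list beyond `PATH_TRANSLATED` is an assumption (the CGI/1.1 meta-variables plus `SCRIPT_FILENAME` and `REDIRECT_STATUS`).

```shell
#!/bin/sh
# Added example (not from the bug report): keep CGI request metadata away
# from child processes and confirm that a php binary is the CLI build.

# Variables removed before the child starts. PATH_TRANSLATED is the one named
# in the report; the rest are the CGI/1.1 meta-variables plus SCRIPT_FILENAME
# and REDIRECT_STATUS (assumption: scrubbing all of them is the safe default).
CGI_VARS="AUTH_TYPE CONTENT_LENGTH CONTENT_TYPE GATEWAY_INTERFACE PATH_INFO
PATH_TRANSLATED QUERY_STRING REMOTE_ADDR REMOTE_HOST REMOTE_IDENT REMOTE_USER
REQUEST_METHOD SCRIPT_NAME SCRIPT_FILENAME SERVER_NAME SERVER_PORT
SERVER_PROTOCOL SERVER_SOFTWARE REDIRECT_STATUS"

# run_without_cgi_env CMD [ARGS...]
# Runs CMD in a subshell whose environment has the CGI variables and every
# HTTP_* header variable removed; the caller's environment is left untouched.
run_without_cgi_env() {
    (
        for v in $CGI_VARS; do unset "$v"; done
        # HTTP_* names come from request headers, so discover them at run time.
        for v in $(env | sed -n 's/^\(HTTP_[A-Za-z0-9_]*\)=.*/\1/p'); do
            unset "$v"
        done
        exec "$@"
    )
}

# sapi_of_banner LINE
# Extracts the SAPI name from the first line of `php -v`, which has the form
# "PHP <version> (<sapi>) (built: ...)". Prints e.g. cli, cgi or cgi-fcgi.
sapi_of_banner() {
    printf '%s\n' "$1" | sed -n 's/^PHP [^ ]* (\([a-z-]*\)).*/\1/p'
}

# is_cli_php BINARY
# Succeeds only if BINARY reports the cli SAPI in its version banner.
is_cli_php() {
    [ "$(sapi_of_banner "$("$1" -v 2>/dev/null | head -n 1)")" = "cli" ]
}
```

A deployment script can call `is_cli_php` on the interpreter it is about to use and refuse to continue on a CGI build, while `run_without_cgi_env` covers commands launched from inside a web request.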
 