[2009-11-05 03:07 UTC] darrin dot nix at gmail dot com
Description:
------------
It is easy for a malicious user to put the sandbox into an
infinite loop that will consume all system resources.
Typically, max_execution_time and set_time_limit can keep
these loops from taking down the server. However, runkit
ignores these settings.
Reproduce code:
---------------
<?php
// Infinite loop. Run at your own risk
set_time_limit(5);
// $x starts at 0, so the condition must be >= 0 for the loop to run at all
for($x=0; $x>=0; $x++){
    $$x = rand() * rand();
}
?>
Expected result:
----------------
Die with error after 5 seconds: time limit exceeded.
Actual result:
--------------
Continuous execution that consumes max resources.
There's no use of runkit in your repro code, so I'm going to assume from your description that you intended to imply something like:

<?php
set_time_limit(5);
$php = new Runkit_Sandbox();
// Single quotes so the parent does not interpolate $x before the sandbox sees the code
$php->eval('for($x=0; $x>=0; $x++){ $$x = rand() * rand(); }');
?>

In which case the behavior is as-expected since the time limit was set in the parent context and the parent context isn't the one which is executing.

I realize this is a little non-intuitive, so I'll consider adding a loop to inherit all current INI settings from the parent's context.