Request #58934 Sandboxes should inherit parent's INI settings.
Submitted: 2009-11-05 03:07 UTC Modified: 2021-05-10 15:08 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: darrin dot nix at gmail dot com Assigned: cmb (profile)
Status: Closed Package: runkit (PECL)
PHP Version: All OS: All
Private report: No CVE-ID: None

 
 [2009-11-05 03:07 UTC] darrin dot nix at gmail dot com
Description:
------------
It is easy for a malicious user to put the sandbox into an 
infinite loop that will consume all system resources.  

Typically, max_execution_time and set_time_limit can keep 
these loops from taking down the server.  However, runkit 
ignores these settings.

Reproduce code:
---------------
<?php

// Infinite loop.  Run at your own risk
set_time_limit(5);

// $x >= 0 stays true, so the loop never ends; each pass creates a new variable
for($x=0; $x>=0; $x++){
    $$x = rand() * rand();
}

?>

Expected result:
----------------
Die with error after 5 seconds: time limit exceeded.

Actual result:
--------------
Continuous execution that consumes max resources.

 [2013-02-23 14:09 UTC] pollita@php.net
There's no use of runkit in your repro code, so I'm going to assume from your 
description that you intended to imply something like:

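<?php
// Time limit is set in the parent context only
set_time_limit(5);

$php = new Runkit_Sandbox();
// Single quotes keep the parent from interpolating $x before the sandbox evaluates the code
$php->eval('for($x=0; $x>=0; $x++){
    $$x = rand() * rand();
}');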

In which case the behavior is as-expected since the time limit was set in the 
parent context and the parent context isn't the one which is executing.  I 
realize this is a little non-intuitive, so I'll consider adding a loop to 
inherit all current INI settings from the parent's context.
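
A userland version of the inheritance loop described above, as an added example that is not part of the original comment or of runkit itself. It copies an allow-list of resource limits into the sandbox through the documented `$sandbox->ini_set()` call; the helper name `sandbox_inherit_limits` and the allow-list are hypothetical, and whether the sandbox then enforces the copied time limit is an assumption this report does not confirm.

```php
<?php
// Added example (not runkit's own code). Requires the runkit extension.

/**
 * Copy selected resource-limit INI values from the parent context into a sandbox.
 * Only an explicit allow-list is copied, so parent settings never loosen
 * restrictions passed to the Runkit_Sandbox constructor.
 * Returns array(name => bool) telling which settings were applied.
 */
function sandbox_inherit_limits(Runkit_Sandbox $sandbox,
                                array $names = array('max_execution_time', 'memory_limit'))
{
    $applied = array();
    foreach ($names as $name) {
        $value = ini_get($name);            // false if the setting does not exist
        if ($value === false) {
            $applied[$name] = false;
            continue;
        }
        // Functions called as methods on the sandbox run inside the sandbox;
        // ini_set() returns false when the change is refused.
        $applied[$name] = ($sandbox->ini_set($name, $value) !== false);
    }
    return $applied;
}

set_time_limit(5);                          // updates max_execution_time in the parent
$sandbox = new Runkit_Sandbox();

// Fail closed: do not evaluate untrusted code if a limit could not be applied.
foreach (sandbox_inherit_limits($sandbox) as $name => $ok) {
    if (!$ok) {
        trigger_error("Could not apply $name inside the sandbox", E_USER_ERROR);
    }
}

// $untrusted is a placeholder for the code string received from the user.
$untrusted = 'echo "hello from the sandbox\n";';
$sandbox->eval($untrusted);
```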
 [2013-02-23 14:10 UTC] pollita@php.net
-Summary: Ignores timeout settings
+Summary: Sandboxes should inherit parent's INI settings.
-Type: Bug
+Type: Feature/Change Request
-Operating System: Windows
+Operating System: All
-PHP Version: 5.3.0
+PHP Version: All
-Assigned To:
+Assigned To: pollita
 [2017-10-24 06:23 UTC] kalle@php.net
-Status: Assigned
+Status: Open
-Assigned To: pollita
+Assigned To:
 [2021-05-10 15:08 UTC] cmb@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cmb
 [2021-05-10 15:08 UTC] cmb@php.net
I'm closing this ticket, since the proper place to report runkit
related issues is <https://github.com/zenovich/runkit/issues>.
 
Last updated: Fri Dec 06 04:01:28 2024 UTC