php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7822 system crash
Submitted: 2000-11-14 19:06 UTC Modified: 2001-05-10 10:14 UTC
From: wuxinan at 263 dot net Assigned:
Status: Closed Package: Apache related
PHP Version: 4.0.4 OS: Windows 98
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: wuxinan at 263 dot net
New email:
PHP Version: OS:

 

 [2000-11-14 19:06 UTC] wuxinan at 263 dot net
I config PHP for Apache 1.3.14 for Win32 as almost all people do: in apache configuation file:

ScriptAlias /php/ "C:/Program Files/PHP/"
<Directory "C:/Program Files/PHP/">
    AllowOverride None
    Options None
</Directory>
AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php.exe"

All the things go well and apache is able to process .php files. However, I type: http://localhost/php/php.exe, then my system crashes... Windows says that php.exe: program error.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-06 02:29 UTC] cynic@php.net
does this problem exist in PHP 4.0.4
 [2001-01-08 02:32 UTC] wuxinan at 263 dot net
In 4.0.4, This bug still exists.

(Win32, php.ini) Conditions for this bug:
safe_mode=Off
doc_root=; the root of the php pages, used only if nonempty
(doc_root is empty)

In such configured PHP, system will crash if I type the URL:
http://localhost/php/php.exe
(Note: no "/" at the end of the URL)

I may consult the source code if I have time later.
 [2001-01-12 10:26 UTC] cynic@php.net
indeed. a temporary workaround, if I may:

<LocationMatch "/php/php(\.exe)?">
	deny from all
</LocationMatch>

This at least denies direct access to the executable, and thus gets you rid of the crashes.
 [2001-01-12 12:27 UTC] wuxinan at 263 dot net
cynic: This is a Great Idea!
 [2001-05-04 03:41 UTC] wuxinan at 263 dot net
Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98
this problem still exists.

Default setting will make system crash in Windows 98 if accessing something like

http://localhost/php/php.exe

I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.).
 [2001-05-07 12:35 UTC] sbergmann@php.net
I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that?

 [2001-05-07 12:52 UTC] cynic@php.net
I guess the point is to prevent malicious users from crashing the server.
 [2001-05-09 11:22 UTC] sniper@php.net
System security bugs are quite critical.
This has to be addressed before 4.0.6

--Jani

 [2001-05-10 10:14 UTC] zeev@php.net
Fixed in the CVS.  Thanks for the report!
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Mar 02 09:01:24 2021 UTC