Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 84642 - passthru() causes DoS
Summary: passthru() causes DoS
Keywords:
Status: CLOSED DUPLICATE of bug 97111
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: httpd
Version: 8.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-02-19 23:04 UTC by Gigs
Modified: 2007-03-27 04:00 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-21 18:51:53 UTC


Attachments (Terms of Use)

Description Gigs 2003-02-19 23:04:29 UTC
Description of problem:
PHP's passthru function in Red Hat 8 stock PHP/Apache2 is barely functional, if the program it runs returns any significant amount of data, it causes a DoS situation, the server will become very unresponsive, and the query takes much longer than expected.  This could be remotely exploited as a system-wide DoS attack if the user has any script that uses a passthru() function to return data the user requested from an external command.

Version-Release number of selected component (if applicable):
php-4.2.2-8.0.7
httpd-2.0.40-11


How reproducible:
Always

Steps to Reproduce:
1. Create a small php script with one command:

passthru("cat /boot/vmlinuz");
 
2. Request the script through the web server.  The first time it runs it may run quickly and return the proper output, but subsequent times it will randomly take a very long time to return the output, a seeming random amount of time between 10 seconds and 10 minutes.  While the script is running, the server will be very unresponsive.

Note that /boot/vmlinuz is just an example, any command that returns a significant amount of output, (500K+ such as calling ghostscript to generate a PDF/PS file for the user) will cause the condition.  Larger outputs seem to cause the response time to scale up in an exponential growth rate.

Actual results:
Extreme slowdown of server.

Expected results:
Almost instant response with data.

Additional info:

Comment 1 Joe Orton 2003-02-20 11:53:16 UTC
passthru() did get optimized recently upstream, though this sounds like a more
serious problem.  (http://bugs.php.net/bug.php?id=22308)

Comment 2 Joe Orton 2003-10-09 08:10:00 UTC
This was a problem where httpd would sometimes buffer up dynamic content, and
was fixed by the most recent httpd erratum.

Thanks for the report.

*** This bug has been marked as a duplicate of 97111 ***

Comment 3 Red Hat Bugzilla 2006-02-21 18:51:53 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.


Note You need to log in before you can comment on or make changes to this bug.