Vulnerability Development mailing list archives
Re: PHP
From: dengue () LINUX ALPHALINCOLN COM (James Phillips)
Date: Thu, 2 Dec 1999 09:17:28 -0600
On Wed, 1 Dec 1999, Jon Parise wrote:
On Wed, Dec 01, 1999 at 12:00:22PM +0000, Darkcyde wrote:These tend to spiral out of control as because if this happens when PHP is existing as a module as (last time I looked anyway) there doesn't seem to be a way of capping resources that module code eats. (You may scream Rlimitmem/rlimitcpu to me but that only applies to child processes, PHP scripts run within Apache itself)In the php3.ini file (defaults below): ;;;;;;;;;;;;;;;;;;; ; Resource Limits ; ;;;;;;;;;;;;;;;;;;; max_execution_time = 30 ; Maximum execution time of each script, in seconds memory_limit = 8388608 ; Maximum amount of memory a script may consume (8MB) -- Jon Parise (parise () pobox com) . Rochester Inst. of Technology http://www.pobox.com/~parise/ : Computer Science House Member
It's also my understanding that in safe_mode, you can limit the directories in which php can access files. Between these two, that should make php as "safe" as running apache is. Also php runs under the apache uid since it's a module. I suppose if you really wanted to isolate php, you build it as a standalone binary, then run your php scripts as cgi with an add_handler pointing at the php binary, running in safe mode with suExec wrapping it. Of course, that would be very processor intensive and quite slow compared to running it as a module. --jim-- -- James Phillips || ...there is no spoon.
Current thread:
- Re: PHP Darkcyde (Dec 01)
- Re: PHP Jon Parise (Dec 01)
- Re: PHP James Phillips (Dec 02)
- Re: PHP Stuart Henderson (Dec 01)
- Norton AntiVirus 2000 POProxy.exe Craig Bernstein (Dec 01)
- Re: Norton AntiVirus 2000 POProxy.exe Mike Frantzen (Dec 01)
- Re: PHP Jon Parise (Dec 01)