Bug 84642 - passthru() causes DoS
passthru() causes DoS
Status: CLOSED DUPLICATE of bug 97111
Product: Red Hat Linux
Classification: Retired
Component: httpd (Show other bugs)
8.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Joe Orton
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-02-19 18:04 EST by Gigs
Modified: 2007-03-27 00:00 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 13:51:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Gigs 2003-02-19 18:04:29 EST
Description of problem:
PHP's passthru function in Red Hat 8 stock PHP/Apache2 is barely functional, if the program it runs returns any significant amount of data, it causes a DoS situation, the server will become very unresponsive, and the query takes much longer than expected.  This could be remotely exploited as a system-wide DoS attack if the user has any script that uses a passthru() function to return data the user requested from an external command.

Version-Release number of selected component (if applicable):
php-4.2.2-8.0.7
httpd-2.0.40-11


How reproducible:
Always

Steps to Reproduce:
1. Create a small php script with one command:

passthru("cat /boot/vmlinuz");
 
2. Request the script through the web server.  The first time it runs it may run quickly and return the proper output, but subsequent times it will randomly take a very long time to return the output, a seeming random amount of time between 10 seconds and 10 minutes.  While the script is running, the server will be very unresponsive.

Note that /boot/vmlinuz is just an example, any command that returns a significant amount of output, (500K+ such as calling ghostscript to generate a PDF/PS file for the user) will cause the condition.  Larger outputs seem to cause the response time to scale up in an exponential growth rate.

Actual results:
Extreme slowdown of server.

Expected results:
Almost instant response with data.

Additional info:
Comment 1 Joe Orton 2003-02-20 06:53:16 EST
passthru() did get optimized recently upstream, though this sounds like a more
serious problem.  (http://bugs.php.net/bug.php?id=22308)
Comment 2 Joe Orton 2003-10-09 04:10:00 EDT
This was a problem where httpd would sometimes buffer up dynamic content, and
was fixed by the most recent httpd erratum.

Thanks for the report.

*** This bug has been marked as a duplicate of 97111 ***
Comment 3 Red Hat Bugzilla 2006-02-21 13:51:53 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.