lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 27 May 2008 10:44:00 -0000 From: cxib@...urityreason.com To: bugtraq@...urityfocus.com Subject: Re: function sleep() in all versions of PHP Yeap. „Using PHP as an in-process script interpreter grants script authors control over the httpd children.” It is possible to make DoS (block all sockets/memory exe.). (more in Xploit magazin) Reason: Use PHP via a CGI interpreter with RLimit* directives. Anyone how use PHP as an in-process script interpreter, can be dangerous. Best Regards, Maksymilian Arciemowicz securityreason.com http://securityreason.com/key/Arciemowicz.Maksymilian.gpg