On 18 Jul 2001, Ilya Teterin wrote: > PHP scripting allows "opening" files througth HTTP: > > $file=fopen("http://host/page.html","r"); I would dearly love to see the method used to test for this condition, since, (and someone slap me if I'm wrong) this is a Turing Machine Halting problem and is impossible to test for. > If script opening itself throught HTTP, it will result in > DoS attack: What is it with the recent proliferation of "vulnerabilities" that are painfully self-evident, or worse, dependent upon write-access previously being deliberately granted to malicious individuals? (ie, Customers) Any programming language or shell environment can be used to create an infinite loop. If server resource limits permit, such loops can tear apart the machine. If a would-be DoS attacker has write access or shell access to the machine, the only thing that can save you are strict resource limits. In Perl: http://victim/loop.cgi #!/usr/bin/perl use LWP::Simple; $content = get("http://victim/loop.cgi"); ... * poof * ... In sh or bash: (Now here's an obscure fork-bomb...) :(){ :|:&};: In MSDOS batch file: rem Exponential file size creation. echo Hi There >> dummy.txt @ECHO OFF :SAYIT type dummy.txt >> dummy.txt GOTO SAYIT We can go on like this forever of course - just like these loops can if not stomped on by the careful application of service and user limits. CDI -- The Web Master's Net http://www.thewebmasters.net/ Today's Excuse: vapors from evaporating sticky-note adhesives
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 09:11:21 PDT