Date: Mon, 29 Sep 2003 08:35:20 +0200
From: "Devon H. O'Dell"
To: Philip Paeps
cc: security@freebsd.org
Subject: Re: Apache under attack and eating resources?

>I forgot to mention I was running mod_php4 from the ports. I don't think any
>scripts changed in the last few weeks, but I'll have a look into it. Any idea
>what kind of script bugs could cause PHP to tear things down like this, other
>than the classic loop from hell?
>
>Thanks!
>
> - Philip

PHP does a pretty good job of protecting against this.
Installing mod_php4 from ports will also turn on the --enable-memory-limit
switch, which causes PHP to terminate if more than x MB RAM are taken (this
shouldn't segfault Apache). The "classic loop from hell" should also be
undoable, since PHP has a 60 second execution time limit.

You might want to run your httpd process in gdb to see what's going on when
stuff segfaults. If this is indeed a problem with PHP, I'm sure the developers
would like to hear about it ASAP!

--Devon