[Hcoop-discuss] CGI/PHP script security
Adam Chlipala
adamc at hcoop.net
Thu Nov 3 22:03:56 EST 2005
I recently added a section to this wiki page describing the security
measures we apply now to CGI/PHP script execution:
http://wiki.hcoop.net/wiki/DynamicWebSites

One aspect of the set-up that has been causing problems is the 10-second
limit on script execution time. Apparently Apache will start a script
running before all input is available, so that this limit will include
the time taken to transfer files via HTTP upload. This places some
effective limits on sizes of uploaded files.

The reason that the time limit restriction is in place is that CGI/PHP
scripts are served using a shared pool of Apache child processes. There
are a limited number of these processes, so tying up a significant
number of them at the same time can be the basis for a cheap and
effective DoS attack. One member with a public upload script that
imposed no limit on transferred file size would be providing a way for
even dial-up users to hog as many of our Apache child processes as they
want for an indefinite amount of time. No other web pages would be
served while this was occurring, and it's possible that Apache might
even crash, though I'm not sure.

We've also in the past had incidents of members accidentally putting
infinite-looping CGI scripts on the web. This can lead to the same
problems.

I'm writing to ask for opinions on how we should modify our script
security settings to let everyone do reasonable things without leaving
open gaping security holes. One option is to keep things as they are
and simply require that members run their own web server processes if
they want to support large file uploads. Thoughts?
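The two failure modes the message describes (a slow upload that holds an Apache child for as long as the client likes, and a script that never terminates) can both be bounded inside the script itself. The following is an added Python example, not code from the post or from HCoop's configuration; the constants, the `handle` function and the `DripStream` stand-in for a slow client are all assumptions made here for illustration. It refuses an oversized body on the basis of `Content-Length` before a single byte is transferred, reads the body under a wall-clock deadline so a drip-fed upload cannot hold the process past it, and caps CPU time so an accidental infinite loop is killed rather than spinning forever.

```python
"""Hypothetical guard for a CGI upload handler (example code, POSIX only).

Constructed for illustration; the limits below are assumptions, not HCoop's
settings. The wall-clock deadline mirrors the 10-second limit in the post.
"""
import io
import os
import resource
import signal
import sys
import time

MAX_BODY_BYTES = 1 * 1024 * 1024   # assumed cap on the request body
DEADLINE_SECONDS = 10.0            # wall-clock budget for receiving the body
CPU_SECONDS = 5                    # assumed CPU budget for the script itself


class BodyTooLarge(Exception):
    """Declared body length exceeds the cap; nothing has been read yet."""


class DeadlineExceeded(Exception):
    """The wall-clock budget for receiving the body ran out."""


def check_content_length(environ, max_bytes=MAX_BODY_BYTES):
    """Return the declared body length or raise BodyTooLarge.

    Checking the header first means an oversized upload is rejected before
    any of it is transferred, so it cannot consume the time budget at all.
    """
    raw = environ.get("CONTENT_LENGTH", "") or "0"
    try:
        length = int(raw)
    except ValueError:
        raise BodyTooLarge("Content-Length is not an integer")
    if length < 0 or length > max_bytes:
        raise BodyTooLarge(f"Content-Length {length} exceeds cap of {max_bytes}")
    return length


def read_body_with_deadline(stream, length, seconds=DEADLINE_SECONDS, chunk=8192):
    """Read `length` bytes from `stream` in chunks, giving up after `seconds`.

    A real interval timer (SIGALRM) is used so the deadline counts the time
    the client spends sending, which is exactly the time the post says the
    Apache limit already includes. Must run on the main thread.
    """
    def _on_alarm(signum, frame):
        raise DeadlineExceeded(f"body not received within {seconds}s")

    previous = signal.signal(signal.SIGALRM, _on_alarm)
    signal.setitimer(signal.ITIMER_REAL, seconds)
    try:
        buf = bytearray()
        while len(buf) < length:
            piece = stream.read(min(chunk, length - len(buf)))
            if not piece:
                break  # client closed early; keep what arrived
            buf.extend(piece)
        return bytes(buf)
    finally:
        signal.setitimer(signal.ITIMER_REAL, 0)  # cancel the timer
        signal.signal(signal.SIGALRM, previous)


def limit_cpu(seconds=CPU_SECONDS):
    """Cap CPU time for this process so an infinite loop dies with SIGXCPU."""
    resource.setrlimit(resource.RLIMIT_CPU, (seconds, seconds))


def handle(environ, stream, max_bytes=MAX_BODY_BYTES, seconds=DEADLINE_SECONDS):
    """Run the guarded upload path; return (HTTP status, message)."""
    try:
        length = check_content_length(environ, max_bytes)
        body = read_body_with_deadline(stream, length, seconds)
    except BodyTooLarge as exc:
        return 413, str(exc)
    except DeadlineExceeded as exc:
        return 408, str(exc)
    return 200, f"received {len(body)} bytes"


class DripStream:
    """Constructed stand-in for a client that sleeps `delay` seconds before
    every read, the way a slow dial-up upload would behave."""

    def __init__(self, data, delay=0.0):
        self._buf = io.BytesIO(data)
        self.delay = delay

    def read(self, n=-1):
        if self.delay:
            time.sleep(self.delay)
        return self._buf.read(n)


if __name__ == "__main__":
    limit_cpu()  # applied only when running as a real CGI script
    status, message = handle(os.environ, sys.stdin.buffer)
    sys.stdout.write(f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n{message}\n")
```

The same two controls are also available at the Apache level (`LimitRequestBody` for the size cap and `RLimitCPU` for CGI CPU time), which is where a shared host would normally prefer to enforce them, since a per-script guard only protects members who remember to use it.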