Ah, I've read Stefan's Hardened patch, and yes, it is much simpler & superior than the patch that Michael Vergoz proposed.
Yes yes :D I simply never get the segfault - so i can control the process execution. other way other idea other man.
I had implemented this way with sigaltstack() the problem is that the process must be stop after that segfault (on threaded server the server will continue to stop) and after that it's really dangerous & nightmare to keep the process on.
Make the choise you want. Anyway PHP folks told me that they will never control lazyuserfriendly stuff.
-michael
----- Original Message ----- From: "Nuno Lopes" <nlopess@php.net>
To: "Ilia Alshanetsky" <ilia@prohost.org>; "Michael Vergoz" <mv-php@binarysec.com>
Cc: "Stefan Esser" <sesser@hardened-php.net>; <Jared.Williams1@ntlworld.com>; "'Wez Furlong'" <kingwez@gmail.com>; "'PHPdev'" <internals@lists.php.net>
Sent: Sunday, February 26, 2006 9:18 PM
Subject: Re: [PHP-DEV] Vote for Zend Deep Stack Prevention (ZDSP)
Using recursive functions without any constraint is a bad programming practice, period. You should always implement a pop/push stack in those situations to avoid getting into infinite or near infinite recursion.
Ilia
OK, but the good compilers/interpreters don't segfault..
This time its my turn to produce a patch :) It plays with signals & such. I've discovered that zend_bailout() does everything I needed :)
http://mega.ist.utl.pt/~ncpl/zend_stack_protection.txt
Ah, I've read Stefan's Hardened patch, and yes, it is much simpler & superior than the patch that Michael Vergoz proposed.
Nuno
-- PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:
http://www.php.net/unsub.php