On Wed, 1 Dec 1999, Jon Parise wrote:
> On Wed, Dec 01, 1999 at 12:00:22PM +0000, Darkcyde wrote:
>
> > These tend to spiral out of control as because if this happens when PHP is
> > existing as a module as (last time I looked anyway) there doesn't seem to
> > be a way of capping resources that module code eats. (You may scream
> > Rlimitmem/rlimitcpu to me but that only applies to child processes, PHP
> > scripts run within Apache itself)
>
> In the php3.ini file (defaults below):
>
> ;;;;;;;;;;;;;;;;;;;
> ; Resource Limits ;
> ;;;;;;;;;;;;;;;;;;;
>
> max_execution_time = 30 ; Maximum execution time of each script, in seconds
> memory_limit = 8388608 ; Maximum amount of memory a script may consume (8MB)
>
> --
> Jon Parise (parise_at_pobox.com) . Rochester Inst. of Technology
> http://www.pobox.com/~parise/ : Computer Science House Member
>
It's also my understanding that in safe_mode, you can limit the
directories in which php can access files. Between these two, that should
make php as "safe" as running apache is. Also php runs under the apache
uid since it's a module. I suppose if you really wanted to isolate php,
you build it as a standalone binary, then run your php scripts as cgi with
an add_handler pointing at the php binary, running in safe mode with
suExec wrapping it. Of course, that would be very processor intensive and
quite slow compared to running it as a module.
--jim--
--
James Phillips || ...there is no spoon.
Received on Dec 02 1999
Intro
