CGI-PHP thread safety issues

Source: Internet
Author: User
http://www.linuxso.com/security/22276...
Many common PHP extensions are developed based on the multi-process idea of Linux/Unix. When these extensions run in ISAPI mode, they cause errors in IIS.

How did this error occur?

Reply content:

If no special handling is done for multithreading, any function that may have side effects may cause this problem.

For example, the qsort function of glibc may also dump core in multiple threads. Why? Because there is a piece of code like this:

    if (phys_pages == 0)
      {
        phys_pages = __sysconf (_SC_PHYS_PAGES);
        // The __sysconf function is in sysdeps/posix/sysconf.c;
        // _SC_PHYS_PAGES corresponds to the function __get_phys_pages (),
        // located in the file sysdeps/unix/sysv/linux/getsysstats.c, which
        // opens /proc/meminfo through phys_pages_info () to read memory information
        // (this pins down the question of why qsort opens a file).

        if (phys_pages == -1)
          /* Error while determining the memory size.  So let's
             assume there is enough memory.  Otherwise the
             implementer should provide a complete implementation of
             the `sysconf' function.  */
          phys_pages = (long int) (~0ul >> 1);

        /* The following determines that we will never use more than
           a quarter of the physical memory.  */
        phys_pages /= 4;

        pagesize = __sysconf (_SC_PAGESIZE);
      }
    // Note that if the section above is raced, a thread safety problem occurs:
    // if both threads call qsort, then once thread 1 has obtained phys_pages,
    // thread 2 skips this code when it reaches the if and directly executes
    // the if statement below. pagesize has not been initialized (= 0) at this
    // time, so a division-by-zero error occurs, resulting in a core dump.

    /* Just a comment here.  We cannot compute (phys_pages * pagesize)
       and compare the needed amount of memory against this value.
       The problem is that some systems might have more physical
       memory then can be represented with a `size_t' value (when
       measured in bytes.  */

    /* If the memory requirements are too high don't allocate memory.  */
    // If the number of memory pages required is greater than the total
    // available memory, no memory is allocated (to keep swap from degrading
    // performance).
    if (size / pagesize > (size_t) phys_pages)
      {
        // Use stdlib/qsort.c directly.
        _quicksort (b, n, s, cmp, arg);
        return;
      }

For the complete code reading notes, refer to glibc's qsort Source Code Reading Notes.

By the way, the solution to the qsort problem is to first call qsort in the main thread and let it initialize pagesize. This just avoids the race.

We recommend that you use FastCGI to run PHP on Windows, which has no thread safety issues.
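The interleaving described in the reply can be replayed deterministically. The following is an added example, not glibc code and not part of the original reply: it models a thread being preempted between the two writes, then lets a second thread run the same initializer. The names limits, racy_init, safe_init, choose_path and replay, and the FAKE_* values, are constructed for illustration; safe_init shows one possible hardening (guard on the field written last, published with release ordering).

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins for the __sysconf() results (assumed values). */
#define FAKE_PHYS_PAGES 1048576L
#define FAKE_PAGESIZE   4096
struct limits { atomic_long phys_pages; atomic_int pagesize; };

/* Racy guard as in the excerpt: the field tested is the FIRST one written.
   steps = number of writes a thread completes before it is preempted. */
static void racy_init(struct limits *l, int steps)
{
    if (atomic_load(&l->phys_pages) != 0) return;
    if (steps >= 1) atomic_store(&l->phys_pages, FAKE_PHYS_PAGES / 4);
    if (steps >= 2) atomic_store(&l->pagesize, FAKE_PAGESIZE);
}

/* Hardened: guard on the field written LAST, published with release order. */
static void safe_init(struct limits *l, int steps)
{
    if (atomic_load_explicit(&l->pagesize, memory_order_acquire) != 0) return;
    if (steps >= 1) atomic_store_explicit(&l->phys_pages, FAKE_PHYS_PAGES / 4, memory_order_relaxed);
    if (steps >= 2) atomic_store_explicit(&l->pagesize, FAKE_PAGESIZE, memory_order_release);
}

/* 1 = fall back to quicksort, 0 = allocate merge buffer, -1 = size / 0 (SIGFPE). */
static int choose_path(struct limits *l, size_t size)
{
    int ps = atomic_load_explicit(&l->pagesize, memory_order_acquire);
    if (ps == 0) return -1;
    return size / (size_t)ps > (size_t)atomic_load(&l->phys_pages);
}

/* Thread 1 is preempted after `steps` writes; thread 2 then runs init and sorts. */
int replay(void (*init)(struct limits *, int), int steps, size_t size)
{
    struct limits l = {0, 0};
    init(&l, steps);   /* thread 1, interrupted part-way */
    init(&l, 2);       /* thread 2 runs the same initializer to completion */
    return choose_path(&l, size);
}

int main(void)
{
    printf("racy guard, preempted after 1 write: %d\n", replay(racy_init, 1, 8192));
    printf("safe guard, preempted after 1 write: %d\n", replay(safe_init, 1, 8192));
    return 0;
}
```

The racy replay ends in the state where the real code would divide by zero, even though every access in the model is atomic: the defect is which field the guard tests, not a missing lock on the individual writes.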
