Re: function sleep() in all versions of PHP

[Juan Miguel - Prisma Virtual - <jmiguel@xxxxxxxxxxxxxxxxx>]

Mark Sanders escribió:
> This vulnerability is not per se a vulnerability but a annoyance that 
> has been dealt with in many ways.
>
> It is quite common to not let any process on a web server run longer 
> then a specified time. This is usually made possible by some trivial 
> shell scripting that checks the running time of certain processes.
>
> This annoyance is also not limited to PHP. Any scripting language that 
> has the ability to execute something with the means of system() can 
> create and call a script that uses memory and waits indefinitely.
>
> This is also an annoyance that will not be seen as a bug or will be 
> "fixed" because it would leave the language almost useless. Although 
> some do attempt to fix this by disabling all possible functions that 
> can execute something like exec, system, eval, etc. but it is not 
> limited to that. The same long wait can be achieved with fsockopen or 
> any other stream function like fread, fwrite, etc. Even if your wait 
> is limited to 60 seconds you can just repeat it in a simple loop and 
> still maintain the very low actual cpu time usage.
>
> This is and has never been a security hole or threat. It will also 
> never be. It is just an annoyance for which many solutions are already 
> available.

Which are the avalaible solutions ?

Thanks.