[Zope] More regular expressions security
Paul Winkler
pw_lists@slinkp.com
Sun, 19 Jan 2003 16:21:28 -0800
On Sun, Jan 19, 2003 at 09:13:12PM +0100, Tue Wennerberg wrote:
> >Well, I vaguely remember having participated in a discussion about that
> >also, and I believe I chipped in an example like:
> >
> >for a in range(0,1000):
> > for b in range(0,1000):
> > for c in range(0,1000):
> >
> >... you get the picture.
> >
> >Thus demonstrating that a malicious scripter could always cause a DOS.
Malicious script writer don't need no stinkin' loop:
999999999999999L ** 999999999999999L
That will keep Zope completely busy for a nice long while*;
due to the way the Global Interpreter Lock works,
no other threads will get to run at all as long as this
computation is running, because it's only one instruction
and the lock can't be released to another thread in the middle of
an instruction.
Put that in a script, and as soon as someone
visits the script, zope is hung until it finishes.
Yes, I've tried it.
* I don't know how long this will hang for ...
I tried it, but got bored of waiting for it
to finish so I killed it.
Even 99999L ** 99999L takes longer than I care to wait for.
--
Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's ANNOYING RHINOCEROUS CLOWN!
(courtesy of isometric.spaceninja.com)