| palbertini 2008-04-01, 7:07 pm |
| emmettnicholas:
> One idea I've seen is to use token_get_all(), and then make sure no
> T_STRING tokens match known "dangerous" function names.
I think it might be impossible to identify these functions, since
harmless functions may become dangerous when combined in the right way.
Consider this script:
<?php
// Every call below is an ordinary file function; none would appear on a
// blacklist of "dangerous" names, yet the loop tries to create 10^9 files.
$i = 1000 * 1000 * 1000;
$s = "foo and bar hang around";
for ($a = 0; $a < $i; $a++) {
    $h = fopen("file$a.txt", "w");
    fputs($h, $s);
    fclose($h);
}
The only functions used here are simple file manipulation functions, but your
webserver might not be able to deal with 1000000000 small txt files. I
could also avoid these functions by using copy() (and maybe copying some
images you used in the webpage). This is not directly malicious code.
Maybe a script could copy itself and afterwards include the copy (one
million times), which will surely allocate a lot of memory...
Better stick to another solution. Maybe describing your project would
help.
|
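To make the point concrete, here is an added example (not code from either poster) of the token_get_all() blacklist check emmettnicholas describes, run against the file-flooding loop from the post above and against two constructed one-liners. The blacklist, the three sample scripts and the function name find_blacklisted_calls are assumptions made for this illustration. The scan reports nothing for the flooding loop, catches a literal system() call, and misses the same call when the name is built from string pieces at runtime, because the name is then a T_CONSTANT_ENCAPSED_STRING token rather than a T_STRING.

```php
<?php
// Added example, not part of the original thread: a token_get_all()
// blacklist scanner and three constructed scripts to run it against.

/**
 * Return the blacklisted names that occur as bare identifiers (T_STRING)
 * in $source. This mirrors the proposed check and nothing more.
 *
 * Caveat: eval and include are tokenized as T_EVAL / T_INCLUDE, not
 * T_STRING, so a T_STRING-only scan never sees them even if listed.
 */
function find_blacklisted_calls(string $source, array $blacklist): array
{
    $hits = [];
    foreach (token_get_all($source) as $token) {
        if (is_array($token)
            && $token[0] === T_STRING
            && in_array(strtolower($token[1]), $blacklist, true)) {
            $hits[] = strtolower($token[1]);
        }
    }
    return array_values(array_unique($hits));
}

// Assumed blacklist of "dangerous" function names (constructed for the example).
$blacklist = ['exec', 'system', 'shell_exec', 'passthru', 'proc_open', 'popen', 'unlink'];

// Constructed sample 1: the loop from the post. Only file functions appear,
// so the scan finds nothing, although running it would try to create 10^9 files.
$floodScript = <<<'PHP'
<?php
$i = 1000 * 1000 * 1000;
$s = "foo and bar hang around";
for ($a = 0; $a < $i; $a++) {
    $h = fopen("file$a.txt", "w");
    fputs($h, $s);
    fclose($h);
}
PHP;

// Constructed sample 2: a literal call that the scan does catch.
$directScript = '<?php system("id");';

// Constructed sample 3: the same call with the name assembled at runtime.
// "sys" and "tem" are string literals, so no T_STRING matches the blacklist.
$dynamicScript = '<?php $f = "sys" . "tem"; $f("id");';

foreach (['flood' => $floodScript, 'direct' => $directScript, 'dynamic' => $dynamicScript] as $label => $src) {
    $hits = find_blacklisted_calls($src, $blacklist);
    printf("%-8s hits: %s\n", $label, $hits ? implode(', ', $hits) : '(none)');
}
```

The scanner needs the tokenizer extension, which is enabled in most PHP builds. The point of running it on all three inputs is that a name-based filter answers the wrong question: it says nothing about what a script does with the functions it is allowed to call, and it can be sidestepped by not writing the name as an identifier at all.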