PythonScripts: possible DOS attack via extensive memory usage
Bug #257398 reported by M.-A. Lemburg
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Zope 2 | Fix Released | Medium | Unassigned |
Bug Description
Create a Python Script and add these lines:
    x = 2
    while 1:
        x = x**x
Running such a script will cause Python to try to allocate huge Python long number objects and eventually terminate with a MemoryError.
While Zope will continue safely after the MemoryError, it does take a while for the MemoryError to get caught and, depending on the OS settings, the server will start thrashing.
Running multiple such requests will likely have the OS kill the Zope process.
I have no idea how to prevent this.
Perhaps there's a way to do this using some bytecode magic.
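
One possible mitigation for the script above, as an added example (not part of the bug report and not the fix Zope released): rewrite every `**` in the script's AST into a call that bounds the result's bit length before computing it. `guarded_pow`, `PowGuard`, `run_guarded` and `MAX_RESULT_BITS` are hypothetical names, and the code assumes the surrounding sandbox already restricts imports and name rebinding.

```python
import ast

MAX_RESULT_BITS = 1_000_000  # assumed budget per integer, not a Zope setting


class PowLimitError(ValueError):
    """Raised instead of computing a power whose result would be too large."""


def guarded_pow(base, exp, mod=None):
    """Compute base ** exp only if an integer result fits the bit budget."""
    if mod is not None:
        return pow(base, exp, mod)  # modular results never exceed |mod|
    if isinstance(base, int) and isinstance(exp, int) and exp > 1 and abs(base) > 1:
        # |base| < 2**bit_length, so |base ** exp| < 2**(bit_length * exp).
        if abs(base).bit_length() * exp > MAX_RESULT_BITS:
            raise PowLimitError("power result exceeds MAX_RESULT_BITS")
    return base ** exp


class PowGuard(ast.NodeTransformer):
    """Rewrite `a ** b` and `name **= b` into calls to guarded_pow."""

    def _call(self, left, right):
        func = ast.Name(id="guarded_pow", ctx=ast.Load())
        return ast.Call(func=func, args=[left, right], keywords=[])

    def visit_BinOp(self, node):
        self.generic_visit(node)
        if not isinstance(node.op, ast.Pow):
            return node
        return ast.copy_location(self._call(node.left, node.right), node)

    def visit_AugAssign(self, node):
        self.generic_visit(node)
        if not isinstance(node.op, ast.Pow):
            return node
        if not isinstance(node.target, ast.Name):  # fail closed on a.b **= c
            raise SyntaxError("**= is only allowed on plain names")
        load = ast.Name(id=node.target.id, ctx=ast.Load())
        assign = ast.Assign(targets=[node.target], value=self._call(load, node.value))
        return ast.copy_location(assign, node)


def run_guarded(source):
    """Compile source with ** rewritten, execute it, return its namespace."""
    tree = ast.fix_missing_locations(PowGuard().visit(ast.parse(source)))
    namespace = {"guarded_pow": guarded_pow, "pow": guarded_pow}
    exec(compile(tree, "<script>", "exec"), namespace)
    return namespace
```

Repeated `*` or `<<` can also grow integers without bound, so a complete guard needs the same treatment for those operators or an OS-level memory limit on the worker process.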