Infinite generation of PHP instances

[nvez]

Hello,

I have had a few problems since I have started using mod_suPHP instead of having PHP4 as a DSO apache module and PHP5 as a CGI module.

I have started to use it on this server, so far it was very good but someone who run or had this line which looks like it's completely normal:

exec("php -v 2>&1");

What that actually does is fork another PHP process which does the same thing and so on and it exponentially creates PHP processes till it reaches the 1000s and 2000s of processes, kind of like a fork bomb but completely legit.

That executable of PHP is located at /usr/bin/php and is actually PHP5 CGI version, if I replace php by /usr/local/bin/php which is PHP5 CLI version, it works without looking like a fork bomb, if I replace it by /usr/local/php4/bin/php which is PHP4 CLI version, it works fine again.

I could well replace the script by something else but it cant be a permanent fix as I can still have clients do this in the future.

I have tried and have been told to try putting PAM limits, I have attempted the following:

Add the following to /etc/pam.d/login
session required /lib/security/pam_limits.so

Add the following to /etc/security/limits.conf
# For everyone (users and other)
* hard core 0
* - maxlogins 12
* hard nproc 50
* hard rss 20000

# For group wheel (admins)
@wheel - maxlogins 5
@wheel hard nproc 80
@wheel hard rss 75000

However, it doesn't seem to work. Is this a common problem or what can I do to fix this or am I looking at the wrong place?

Thanks in advance.

[brianoz]

What's possibly not legit is that they even need to do this; why would they do that? It's prone to problems anyway. Are they trying to force a certain version of PHP?