[Mongrel] [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack

Sam Giffney samuelgiffney at gmail.com
Thu Oct 26 22:43:14 EDT 2006

Just in case this trips anyone else up...

I applied Ian's suggested patch

# wget -O cgi.rb
# install -m 644 cgi.rb /usr/lib/ruby/1.8/cgi.rb

but this caused my app to throw an error - looks like something to do
with the FileColumn plugin.

undefined method `size' for #<CGI::QueryExtension::MorphingBody:0xb757a62c>
 [RAILS_ROOT]/vendor/plugins/file_column-0.3.2/lib/file_column.rb:57:in `assign'

Anyway I fixed this by running Ian's patch with


which is the current cgi.rb from the ruby1.8 branch rather than the Main branch.

Thanks for the heads up Ian & Zed

