From owner-freebsd-security Wed Sep 1 16: 1: 3 1999 Delivered-To: freebsd-security@freebsd.org Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 4708D155A5 for ; Wed, 1 Sep 1999 16:00:54 -0700 (PDT) (envelope-from mike@sentex.net) Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id SAA23466; Wed, 1 Sep 1999 18:58:15 -0400 (EDT) Message-Id: <4.1.19990901190908.04e0af00@granite.sentex.ca> X-Sender: mdtancsa@granite.sentex.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 01 Sep 1999 19:10:45 -0400 To: FreeBSD -- The Power to Serve From: Mike Tancsa Subject: Re: FW: Local DoS in FreeBSD Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <3.0.5.32.19990901162052.023c18d0@staff.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 06:04 PM 9/1/99 , FreeBSD -- The Power to Serve wrote: >Explain what you mean? That is what login classes are for, you dont have >to put "nobody" in a limited class if this is what you mean.. And you can >set internal limits in apache if that's what you mean.. I feel you mean >either one but I don't know :) The limits that you have to set for Apache are quite low and restrictive. I am not sure if you can effectivly do this in a large production webserver. There are many cases where users need more than a few file descriptors. ---Mike ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message