Date:      Wed, 1 Sep 1999 15:12:03 -0400 (EDT)
From:      Systems Administrator <geniusj@ods.org>
To:        "L. Sassaman" <rabbi@quickie.net>
Cc:        FreeBSD -- The Power to Serve <geniusj@free-bsd.org>, Jeff Wheat <jeff@cetlink.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: FW: Local DoS in FreeBSD
Message-ID:  <Pine.BSF.4.10.9909011511300.48475-100000@ods.org>
In-Reply-To: <Pine.LNX.4.10.9909011706500.13732-100000@thetis.deor.org>

If you have it set so that it does SUID for cgi and runs it as the user or
uses the user's accounting limits, it won't work.. and yes, you should set
some sensible apache limits per user on that stuff, I know it's possible.


------------------------------------------------------------------------------
Jason DiCioccio                              | geniusj@free-bsd.org
FreeBSD - The Power to Serve                 | http://www.freebsd.org
                                             | http://www.ods.org
------------------------------------------------------------------------------

On Wed, 1 Sep 1999, L. Sassaman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wed, 1 Sep 1999, FreeBSD -- The Power to Serve wrote:
> 
> > If you have public access users, you should have login accounting in the
> > first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> > with my login accounting setup..
> 
> Okay, tweak the login.conf and you stop users from issuing the attack from
> the shell. But what about someone who builds the program and uploads it
> into a cgi-bin? Are we just to stop allowing cgi's to be run if they
> require higher resource limits?
> 
> 
> 
> L. Sassaman                         
> 
> System Administrator                | "Even the most primitive society has
> Technology Consultant               |  an innate respect for the insane."   
> icq.. 10735603                      |
> pgp.. finger://ns.quickie.net/rabbi |                    --Mickey Rourke
> 
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v0.9.10 (GNU/Linux)
> Comment: OpenPGP Encrypted Email Preferred.
> 
> iD8DBQE3zZXMPYrxsgmsCmoRAixFAKD5invyFWxll26tuJxuJ2u7UlNjNQCgiu1b
> EnM3D/O25Wl+26pXVuRYpWM=
> =Qeqw
> -----END PGP SIGNATURE-----
> 
> 


