Date: Wed, 1 Sep 1999 15:12:43 -0400 (EDT) From: Systems Administrator <geniusj@ods.org> To: Mike Tancsa <mike@sentex.net> Cc: FreeBSD -- The Power to Serve <geniusj@free-bsd.org>, freebsd-security@FreeBSD.ORG Subject: Re: FW: Local DoS in FreeBSD Message-ID: <Pine.BSF.4.10.9909011512210.48475-100000@ods.org> In-Reply-To: <4.1.19990901190908.04e0af00@granite.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Yes, they need a few.. but not as many as something like that exploit uses up.. it uses them all.. you shouldn't allow users to do that ------------------------------------------------------------------------------ Jason DiCioccio | geniusj@free-bsd.org FreeBSD - The Power to Serve | http://www.freebsd.org | http://www.ods.org ------------------------------------------------------------------------------ On Wed, 1 Sep 1999, Mike Tancsa wrote: > At 06:04 PM 9/1/99 , FreeBSD -- The Power to Serve wrote: > >Explain what you mean? That is what login classes are for, you dont have > >to put "nobody" in a limited class if this is what you mean.. And you can > >set internal limits in apache if that's what you mean.. I feel you mean > >either one but I don't know :) > > The limits that you have to set for Apache are quite low and restrictive. I > am not sure if you can effectivly do this in a large production webserver. > There are many cases where users need more than a few file descriptors. > > ---Mike > ********************************************************************** > Mike Tancsa, Network Admin * mike@sentex.net > Sentex Communications Corp, * http://www.sentex.net/mike > Cambridge, Ontario * 01.519.651.3400 > Canada * > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9909011512210.48475-100000>