From owner-freebsd-security  Wed Sep  1 16:11:35 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.ods.org (fbsd2.ods.org [205.252.42.124])
	by hub.freebsd.org (Postfix) with SMTP id 49F1F14D7D
	for <freebsd-security@FreeBSD.ORG>; Wed,  1 Sep 1999 16:11:31 -0700 (PDT)
	(envelope-from geniusj@ods.org)
Received: (qmail 48537 invoked by uid 1000); 1 Sep 1999 19:12:43 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 1 Sep 1999 19:12:43 -0000
Date: Wed, 1 Sep 1999 15:12:43 -0400 (EDT)
From: Systems Administrator <geniusj@ods.org>
To: Mike Tancsa <mike@sentex.net>
Cc: FreeBSD -- The Power to Serve <geniusj@free-bsd.org>,
	freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <4.1.19990901190908.04e0af00@granite.sentex.ca>
Message-ID: <Pine.BSF.4.10.9909011512210.48475-100000@ods.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yes, they need a few.. but not as many as something like that exploit uses
up.. it uses them all.. you shouldn't allow users to do that



------------------------------------------------------------------------------
Jason DiCioccio                              | geniusj@free-bsd.org
FreeBSD - The Power to Serve                 | http://www.freebsd.org
                                             | http://www.ods.org
------------------------------------------------------------------------------

On Wed, 1 Sep 1999, Mike Tancsa wrote:

> At 06:04 PM 9/1/99 , FreeBSD -- The Power to Serve wrote:
> >Explain what you mean? That is what login classes are for, you dont have
> >to put "nobody" in a limited class if this is what you mean.. And you can
> >set internal limits in apache if that's what you mean.. I feel you mean
> >either one but I don't know :)
> 
> The limits that you have to set for Apache are quite low and restrictive. I
> am not sure if you can effectivly do this in a large production webserver.
> There are many cases where users need more than a few file descriptors. 
> 
> 	---Mike
> **********************************************************************
> Mike Tancsa, Network Admin        *  mike@sentex.net
> Sentex Communications Corp,       *  http://www.sentex.net/mike
> Cambridge, Ontario                *  01.519.651.3400
> Canada                            *
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message