From owner-freebsd-security  Thu Sep  2  0:35:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 3E55114D41
	for <freebsd-security@FreeBSD.ORG>; Thu,  2 Sep 1999 00:35:48 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id JAA94099;
	Thu, 2 Sep 1999 09:32:37 +0200 (CEST)
	(envelope-from des)
To: Systems Administrator <geniusj@ods.org>
Cc: "L. Sassaman" <rabbi@quickie.net>,
	FreeBSD -- The Power to Serve <geniusj@free-bsd.org>,
	Jeff Wheat <jeff@cetlink.net>, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
References: <Pine.BSF.4.10.9909011511300.48475-100000@ods.org>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 02 Sep 1999 09:32:37 +0200
In-Reply-To: Systems Administrator's message of "Wed, 1 Sep 1999 15:12:03 -0400 (EDT)"
Message-ID: <xzpbtblzs2y.fsf@flood.ping.uio.no>
Lines: 10
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Systems Administrator <geniusj@ods.org> writes:
> If you have it set so that it does SUID for cgi and runs it as the user or
> uses the users accounting limits, it won't work.. and yes, you should set
> some sensible apache limits per user on that stuff, I know its possible.

Apache's suEXEC wrapper doesn't enforce user limits.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message