From owner-freebsd-hackers  Thu Jan 18 12:22: 3 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 963B237B69E
	for <hackers@FreeBSD.ORG>; Thu, 18 Jan 2001 12:21:45 -0800 (PST)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id VAA49471;
	Thu, 18 Jan 2001 21:21:36 +0100 (CET)
	(envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Gordon Tetlow <gordont@bluemtn.net>
Cc: "Michael R. Wayne" <wayne@staff.msen.com>, <hackers@FreeBSD.ORG>
Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general)
References: <Pine.BSF.4.31.0101181119530.27604-100000@sdmail0.sd.bmarts.com>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 18 Jan 2001 21:21:35 +0100
In-Reply-To: Gordon Tetlow's message of "Thu, 18 Jan 2001 11:21:15 -0800 (PST)"
Message-ID: <xzpu26wvcfk.fsf@flood.ping.uio.no>
Lines: 11
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Gordon Tetlow <gordont@bluemtn.net> writes:
> If you are using apache (who isn't?), I highly suggest you look into using
> suexec. That way bad CGI programming is offloaded to the customer and not
> to your system.

suexec has many weaknesses - amongst other problems, it does not set
resource limits; nor does it chroot as far as I recall.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message