Date: 19 Jan 2001 10:26:02 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Tony Finch <dot@dotat.at> Cc: Gordon Tetlow <gordont@bluemtn.net>, "Michael R. Wayne" <wayne@staff.msen.com>, hackers@FreeBSD.ORG Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general) Message-ID: <xzpr91z28r9.fsf@flood.ping.uio.no> In-Reply-To: Tony Finch's message of "Fri, 19 Jan 2001 01:02:12 %2B0000" References: <Pine.BSF.4.31.0101181119530.27604-100000@sdmail0.sd.bmarts.com> <xzpu26wvcfk.fsf@flood.ping.uio.no> <20010119010212.A87258@hand.dotat.at>
next in thread | previous in thread | raw e-mail | index | archive | help
Tony Finch <dot@dotat.at> writes: > Apache itself has support for setting resource limits, although I > agree that in many cases you may want them to be different between the > httpd and the CGIs. You most emphatically do not want to do that. You want the CGI to run with its owner's resource limits. > I expect chrooting was left out because people who have the wit to set > up a chroot are capable of adding a couple of lines to a C program. Said program has a big fat warning at the top that says something like "do not ever change this program, you'll only screw it up"... I'm tempted to reply "not much more than it already is". Eivind and I rewrote it for our previous employer, but the mod is part of a large chunk of proprietary code, unfortunately. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpr91z28r9.fsf>