From owner-freebsd-hackers Fri Jan 19 1:26:26 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 7F05737B404 for ; Fri, 19 Jan 2001 01:26:08 -0800 (PST) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id KAA52260; Fri, 19 Jan 2001 10:26:03 +0100 (CET) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Tony Finch Cc: Gordon Tetlow , "Michael R. Wayne" , hackers@FreeBSD.ORG Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general) References: <20010119010212.A87258@hand.dotat.at> From: Dag-Erling Smorgrav Date: 19 Jan 2001 10:26:02 +0100 In-Reply-To: Tony Finch's message of "Fri, 19 Jan 2001 01:02:12 +0000" Message-ID: Lines: 20 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Tony Finch writes: > Apache itself has support for setting resource limits, although I > agree that in many cases you may want them to be different between the > httpd and the CGIs. You most emphatically do not want to do that. You want the CGI to run with its owner's resource limits. > I expect chrooting was left out because people who have the wit to set > up a chroot are capable of adding a couple of lines to a C program. Said program has a big fat warning at the top that says something like "do not ever change this program, you'll only screw it up"... I'm tempted to reply "not much more than it already is". Eivind and I rewrote it for our previous employer, but the mod is part of a large chunk of proprietary code, unfortunately. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message