From owner-freebsd-security  Tue Oct  2  2: 7:49 2001
Delivered-To: freebsd-security@freebsd.org
Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101])
	by hub.freebsd.org (Postfix) with ESMTP id DCF7237B40A
	for <freebsd-security@freebsd.org>; Tue,  2 Oct 2001 02:07:45 -0700 (PDT)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
	by breg.mc.mpls.visi.com (Postfix) with ESMTP
	id D06182D0542; Tue,  2 Oct 2001 04:07:44 -0500 (CDT)
Received: (from hawkeyd@localhost)
	by sheol.localdomain (8.11.1/8.11.1) id f9297d695258;
	Tue, 2 Oct 2001 04:07:39 -0500 (CDT)
	(envelope-from hawkeyd)
Date: Tue, 2 Oct 2001 04:07:39 -0500 (CDT)
Message-Id: <200110020907.f9297d695258@sheol.localdomain>
Mime-Version: 1.0
X-Newsreader: knews 0.9.8a
Reply-To: hawkeyd@visi.com
Organization: if (!FIFO) if (!LIFO) break;
References: <004701c14b0c$ce44f140$45e03ac3_skif.net@ns.sol.net>
    <Pine.LNX.4.33.0110020953290.6866-100000_localhost.cksoft.de@ns.sol.net>
In-Reply-To: <Pine.LNX.4.33.0110020953290.6866-100000_localhost.cksoft.de@ns.sol.net>
From: hawkeyd@visi.com (D J Hawkey Jr)
Subject: Re: login.conf & FreeBSD 4.4
X-Original-Newsgroups: sol.lists.freebsd.security
To: ck@cksoft.de, freebsd-security@freebsd.org
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In article <Pine.LNX.4.33.0110020953290.6866-100000_localhost.cksoft.de@ns.sol.net>,
	ck@cksoft.de writes:
> 
> If you are talking about cgi scripts run by apache you might want to
> patch suexec to do this. There is nothgin in apache that would normally
> set the requested privilidges.
> 
> we added following to apache-x-x-x/src/support/suexec.c to actually
> enforce setting of resource limits. There is nothing in apache that would
> normally set these up for you.
>  
> 	[SNIP]

Reading between the lines, are you saying that any app "not from FreeBSD"
running on FreeBSD isn't likely to be accounted for because they pro'lly
don't set up limiting resources (by way of the C function you hacked in)?

Badly phrased, I know, but you get my drift?

> Greetings
> Christian

Dave

-- 

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message