Date: Tue, 2 Oct 2001 12:08:31 +0300 From: Peter Pentchev <roam@ringlet.net> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: ck@cksoft.de, freebsd-security@freebsd.org Subject: Re: login.conf & FreeBSD 4.4 Message-ID: <20011002120831.A704@ringworld.oblivion.bg> In-Reply-To: <200110020907.f9297d695258@sheol.localdomain>; from hawkeyd@visi.com on Tue, Oct 02, 2001 at 04:07:39AM -0500 References: <004701c14b0c$ce44f140$45e03ac3_skif.net@ns.sol.net> <Pine.LNX.4.33.0110020953290.6866-100000_localhost.cksoft.de@ns.sol.net> <200110020907.f9297d695258@sheol.localdomain>
index | next in thread | previous in thread | raw e-mail
On Tue, Oct 02, 2001 at 04:07:39AM -0500, D J Hawkey Jr wrote: > In article <Pine.LNX.4.33.0110020953290.6866-100000_localhost.cksoft.de@ns.sol.net>, > ck@cksoft.de writes: > > > > If you are talking about cgi scripts run by apache you might want to > > patch suexec to do this. There is nothgin in apache that would normally > > set the requested privilidges. > > > > we added following to apache-x-x-x/src/support/suexec.c to actually > > enforce setting of resource limits. There is nothing in apache that would > > normally set these up for you. > > > > [SNIP] > > Reading between the lines, are you saying that any app "not from FreeBSD" > running on FreeBSD isn't likely to be accounted for because they pro'lly > don't set up limiting resources (by way of the C function you hacked in)? Exactly. It has to call setusercontext(3) or some other of the functions listed in the setclasscontext(3) manual page. G'luck, Peter -- I am not the subject of this sentence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011002120831.A704>