Date: Sat, 20 Jan 2001 14:16:03 +1100 (EST) From: Andy Farkas <andyf@speednet.com.au> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Tony Finch <dot@dotat.at>, Gordon Tetlow <gordont@bluemtn.net>, "Michael R. Wayne" <wayne@staff.msen.com>, hackers@FreeBSD.ORG Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general) Message-ID: <Pine.BSF.4.21.0101201413570.25499-100000@backup.af.speednet.com.au> In-Reply-To: <xzpr91z28r9.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
I've said it before, and I'll say it again:
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=13606
> Tony Finch <dot@dotat.at> writes:
> > Apache itself has support for setting resource limits, although I
> > agree that in many cases you may want them to be different between the
> > httpd and the CGIs.
>
> You most emphatically do not want to do that. You want the CGI to run
> with its owner's resource limits.
>
> > I expect chrooting was left out because people who have the wit to set
> > up a chroot are capable of adding a couple of lines to a C program.
>
> Said program has a big fat warning at the top that says something like
> "do not ever change this program, you'll only screw it up"... I'm
> tempted to reply "not much more than it already is". Eivind and I
> rewrote it for our previous employer, but the mod is part of a large
> chunk of proprietary code, unfortunately.
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
>
--
:{ andyf@speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0101201413570.25499-100000>