From owner-freebsd-hackers  Fri Jan 19 19:17:43 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from backup.af.speednet.com.au (af.speednet.com.au [202.135.188.244])
	by hub.freebsd.org (Postfix) with ESMTP id B05AC37B401
	for <hackers@FreeBSD.ORG>; Fri, 19 Jan 2001 19:17:22 -0800 (PST)
Received: from backup.af.speednet.com.au (backup.af.speednet.com.au [172.22.2.4])
	by backup.af.speednet.com.au (8.11.1/8.11.1) with ESMTP id f0K3G3m25809;
	Sat, 20 Jan 2001 14:16:03 +1100 (EST)
	(envelope-from andyf@speednet.com.au)
Date: Sat, 20 Jan 2001 14:16:03 +1100 (EST)
From: Andy Farkas <andyf@speednet.com.au>
X-Sender: andyf@backup.af.speednet.com.au
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Tony Finch <dot@dotat.at>, Gordon Tetlow <gordont@bluemtn.net>,
	"Michael R. Wayne" <wayne@staff.msen.com>, hackers@FreeBSD.ORG
Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general)
In-Reply-To: <xzpr91z28r9.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.21.0101201413570.25499-100000@backup.af.speednet.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


I've said it before, and I'll say it again:

    http://www.FreeBSD.org/cgi/query-pr.cgi?pr=13606

> Tony Finch <dot@dotat.at> writes:
> > Apache itself has support for setting resource limits, although I
> > agree that in many cases you may want them to be different between the
> > httpd and the CGIs.
> 
> You most emphatically do not want to do that. You want the CGI to run
> with its owner's resource limits.
> 
> > I expect chrooting was left out because people who have the wit to set
> > up a chroot are capable of adding a couple of lines to a C program.
> 
> Said program has a big fat warning at the top that says something like
> "do not ever change this program, you'll only screw it up"... I'm
> tempted to reply "not much more than it already is". Eivind and I
> rewrote it for our previous employer, but the mod is part of a large
> chunk of proprietary code, unfortunately.
> 
> DES
> -- 
> Dag-Erling Smorgrav - des@ofug.org
> 

--
 
 :{ andyf@speednet.com.au
  
        Andy Farkas
    System Administrator
   Speednet Communications
 http://www.speednet.com.au/
  




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message