Date:      Wed, 01 Sep 1999 21:24:35 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        Systems Administrator <geniusj@ods.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: FW: Local DoS in FreeBSD
Message-ID:  <4.1.19990901211618.04e87740@granite.sentex.ca>
In-Reply-To: <Pine.BSF.4.10.9909011511300.48475-100000@ods.org>
References:  <Pine.LNX.4.10.9909011706500.13732-100000@thetis.deor.org>

At 03:12 PM 9/1/99 , Systems Administrator wrote:
>If you have it set so that it does SUID for cgi and runs it as the user or
>uses the user's accounting limits, it won't work.. and yes, you should set
>some sensible apache limits per user on that stuff, I know it's possible.

Ok, are you talking about enabling accounting, i.e. in /etc/rc.conf
accounting_enable="NO"  # Turn on process accounting (or NO).
or are you talking about settings in /etc/login.conf ?

If login.conf, and internal apache limits, what are you actually setting,
and what values? I found that descriptors had to be VERY restrictive in
order to prevent the user from crashing the system.  If you have actually
implemented protection against this DOS, by all means, please post to the
list what you did.  However, if you are only theorizing, please state so.

	---Mike
**********************************************************************
Mike Tancsa, Network Admin        *  mike@sentex.net
Sentex Communications Corp,       *  http://www.sentex.net/mike
Cambridge, Ontario                *  01.519.651.3400
Canada                            *

