From: Nicole Harrington
To: freebsd-hackers@freebsd.org
Subject: Log analysis program running under apache reboots server!
Date: Mon, 13 Nov 2000 10:58:39 -0800 (PST)
Organization: Daemon Technologies

Greetings all..

I have been trying to test an apache log analyzing program called Nettracker (wwww.sane.com). The program seems nice except for the fact that it keeps rebooting/crashing the server. This would just be labeled crappy software except for the fact that I am running the software as user apache and have set up process limits in login.conf and it is still able to reboot the server.

This seems like a real problem and security issue, as I have set up limits in /etc/login.conf (see below) and the program is being run via CGI as user apache, yet it is still capable of rebooting the system. Seems like a nice hack to me.

If anyone could check over my login.conf settings below and make sure they are correct/truly useful, I would really appreciate it! Also, any information on how this program could so easily reboot the server would be nice too.

Thanks!!

Nicole

System is 4.1-STABLE and has 256 Megs of memory and 4X that of swap.

apacheuser:\
	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
	:cputime=4h:\
	:datasize=64M:\
	:stacksize=4M:\
	:filesize=infinity:\
	:memoryuse=64M:\
	:priority=0:\
	:datasize-cur=32M:\
	:stacksize-cur=32M:\
	:coredumpsize-cur=0:\
	:maxmemorysize-cur=64M:\
	:memorylocked=32M:\
	:maxproc=128:\
	:openfiles=256:\
	:tc=standard:

## standard - standard user defaults ##
standard:\
	:copyright=/etc/COPYRIGHT:\
	:welcome=/etc/motd:\
	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
	:path=~/bin /bin /usr/bin /usr/local/bin:\
	:manpath=/usr/share/man /usr/local/man:\
	:nologin=/var/run/nologin:\
	:cputime=1h30m:\
	:datasize=8M:\
	:stacksize=2M:\
	:memorylocked=4M:\
	:memoryuse=8M:\
	:filesize=8M:\
	:coredumpsize=8M:\
	:openfiles=24:\
	:maxproc=32:\
	:priority=0:\
	:requirehome:\
	:passwordtime=90d:\
	:umask=002:\
	:ignoretime@:\
	:tc=default:

default:\
	:cputime=infinity:\
	:datasize-cur=22M:\
	:stacksize-cur=8M:\
	:memorylocked-cur=10M:\
	:memoryuse-cur=30M:\
	:filesize=infinity:\
	:coredumpsize=infinity:\
	:maxproc-cur=64:\
	:openfiles-cur=64:\
	:priority=0:\
	:requirehome@:\
	:umask=022:\
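
One way to check a login class like the one posted above mechanically, as an added example that is not part of the original message: it flattens the tc= chain and computes the effective soft and hard value of each resource using the login.conf(5) rule that a bare name sets both limits and -cur / -max override one side. The function names are hypothetical, the embedded records are the posted ones trimmed to their resource-limit entries, and only K/M/G size suffixes and "infinity" are handled.

```python
# Resource-limit capabilities from the login.conf posted above (other entries omitted).
LOGIN_CONF = r"""
apacheuser:\
    :datasize=64M:stacksize=4M:memoryuse=64M:datasize-cur=32M:stacksize-cur=32M:\
    :memorylocked=32M:maxproc=128:openfiles=256:tc=standard:
standard:\
    :datasize=8M:stacksize=2M:memorylocked=4M:memoryuse=8M:openfiles=24:maxproc=32:tc=default:
default:\
    :datasize-cur=22M:stacksize-cur=8M:memorylocked-cur=10M:memoryuse-cur=30M:\
    :maxproc-cur=64:openfiles-cur=64:
"""
UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}
RESOURCES = ("datasize", "stacksize", "memoryuse", "memorylocked", "maxproc", "openfiles")

def parse_records(text):
    """Join backslash continuations and split each record into {capability: value}."""
    records = {}
    for line in text.replace("\\\n", "").splitlines():
        name, *caps = (field.strip() for field in line.split(":"))
        if not name or name.startswith("#"):
            continue
        entry = records.setdefault(name, {})
        for key, _, value in (cap.partition("=") for cap in caps if cap):
            entry.setdefault(key, value)  # first occurrence wins within a record
    return records

def resolve(records, cls):
    """Flatten the tc= chain; a capability set nearer the class shadows inherited ones."""
    merged, seen = {}, set()
    while cls in records and cls not in seen:  # 'seen' stops a tc= loop
        seen.add(cls)
        for key, value in records[cls].items():
            merged.setdefault(key, value)
        cls = records[cls].get("tc")
    return merged

def to_number(value):
    """Convert '64M', '128' or 'infinity' to a number (bytes for sizes)."""
    unit = value[-1].lower() if value[-1].isalpha() else ""
    return float("inf") if value == "infinity" else int(value.rstrip("kKmMgG")) * UNITS[unit]

def audit(text, cls):
    """Effective (soft, hard) per resource: the bare name sets both, -cur/-max override one."""
    caps = resolve(parse_records(text), cls)
    def pair(res, base):
        return to_number(caps.get(res + "-cur", base)), to_number(caps.get(res + "-max", base))
    # Assumption: a resource never mentioned in the chain is treated as unlimited here.
    limits = {res: pair(res, caps.get(res, "infinity")) for res in RESOURCES}
    return limits, [r for r, (soft, hard) in limits.items() if soft > hard]
```

Calling audit(LOGIN_CONF, "apacheuser") returns the per-resource limits plus the list of resources whose soft value ends up above the hard one; -cur entries inherited from the default class still apply unless the class overrides them by the same name.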