Date: Thu, 5 Aug 1999 11:13:57 -0700 (PDT) From: John Polstra <jdp@polstra.com> To: mike@smith.net.au Cc: hackers@freebsd.org Subject: Re: login.conf restrictions for suid processes possible? (fwd) Message-ID: <199908051813.LAA04237@vashon.polstra.com> In-Reply-To: <199908051755.KAA13017@dingo.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <199908051755.KAA13017@dingo.cdrom.com>, Mike Smith <mike@smith.net.au> wrote: > > I am working on some resource limit stuff and would like to be > > able to use login.conf to restrict the number of cgi processes that > > certain users can run. Unfortunately, the proprietary cgi product we use > > is owned by root and suid's to the user who owns the script that it is > > called to run. (This is not what I would call a "good idea," but it's what > > I have to work with.) [...] > You need to pester the vendor to correctly switch limits when they > switch UIDs. > > Alternatively, if this is unlikely _and_ the application is dynamically > linked, you could produce a library containing patched set*id functions > and force it into the app using LD_PRELOAD. N.B., LD_PRELOAD won't work if the program is setuid or setgid. I'm not 100% sure from the original post whether that's the case or not. John -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "No matter how cynical I get, I just can't keep up." -- Nora Ephron To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908051813.LAA04237>