httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: Oops explained
Date Wed, 10 Jul 1996 14:09:53 GMT
Randy Terbush wrote:
> 
> > Further investigation has revealed that my problem is not Apache but the
> > CGI+SCO 5 (it seems). What I hadn't made clear before was that the server in
> > question was a test server, and was handling but a single request (which is
> > why MaxClients didn't really matter).
> > 
> > Anyway, the problem was caused by the rogue CGI growing without limit. When the
> > process hits around 60 MB, SCO stops working. Not sure why it gives me "too
> > many process" errors when, in fact, the number of processes is unchanged (out
> > of swap space, perhaps?).
> > 
> > Anyway, this made me wonder about using setrlimit() to stop the process from
> > running away. I then wondered whether, in fact, Apache should (optionally) use
> > setrlimit() to limit _all_ CGIs?
> > 
> > Thoughts?
> 
> This is a safety net that I had planned to add to the http_exec.c and
> setuid exec stuff that Jason and I have been working on. It would
> then set these limits for included execs, cgi execs etc.

Fine, but I want it _now_!

Presumably http_exec is just a distillation of various bits of exec code from
about the place? If so, can we move over to it before the setuid exec is
complete?

As a matter of interest, what technique are you using in the end to soothe our
security fears?

Cheers,

Ben.

> 
> 
> 

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.

Mime
View raw message