httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From HyperHacker <hyperhac...@gmail.com>
Subject Re: rational behind not checking the return value of apr_palloc and apr_pcalloc
Date Fri, 03 Sep 2010 22:22:49 GMT
On Fri, Sep 3, 2010 at 13:24, dave b <db.pub.mail@gmail.com> wrote:
>> "first the attacker has to find  a way to reduce system memory to an
>> almost oom condition"
>> Say, by attacking several httpd threads and/or unrelated processes to
>> get them to eat up memory.
>>
>> --
>> Sent from my toaster.
>>
>
> If you know something why not share it ;) ?
> imho Apache is pretty good - so perhaps you could find a commonly used
> module that leaks memory?
>
> Also, I hope your toaster is running netbsd with apache ^^
>
> --
> As flies to wanton boys are we to the gods; they kill us for their
> sport.          -- Shakespeare, "King Lear"
>

Just tossing around ideas. What's the threshold for killing these
child processes? What prevents someone from bringing several to just
below that threshold?

-- 
Sent from my toaster.

Mime
View raw message