httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From HyperHacker <hyperhac...@gmail.com>
Subject Re: rational behind not checking the return value of apr_palloc and apr_pcalloc
Date Fri, 03 Sep 2010 13:58:52 GMT
On Fri, Sep 3, 2010 at 07:12, Graham Leggett <minfrin@sharp.fm> wrote:
> On 03 Sep 2010, at 2:37 PM, HyperHacker wrote:
>
>> ...assuming he attacks a single httpd thread, as opposed to say a
>> distributed attack or attack on an unrelated process.
>
> How would a distributed attack be different?
>
> Obviously an attack on an unrelated process would have nothing to do with
> checking the return value of apr_pcalloc().
>
> Regards,
> Graham
> --
>
>

"first the attacker has to find  a way to reduce system memory to an
almost oom condition"
Say, by attacking several httpd threads and/or unrelated processes to
get them to eat up memory.

-- 
Sent from my toaster.

Mime
View raw message