[plug] UNIX - RISKS

Leon Brooks leon at brooks.smileys.net
Mon Feb 22 15:32:16 WST 1999


Christian wrote:
> On Mon, 22 Feb 1999, David Buddrige wrote:
> > > create other than the hard limits imposed by the operating system. Since
> > > incoming TCP/IP connections are usually handled by servers that run as
> > > root, it is possible to completely fill a target machine's process table

> > This is based on incorrect data.

> > While it is true that servers run as root, it _is_ possible to place a
> > limit on the number of processes that a given server task executes.  For
> > example Apache can be configured fairly simply to only allow a specific
> > maximum number of connections, after which it will refuse further
> > connections.

> I believe this is something specifically to do with Apache and isn't
> really related to the way inetd (or sendmail etc.) handle these
> connections.

Well, no. Apache not only has config directives specifically for coping
with this kind of attack, but also throws away root privileges ASAP.

-- 
"Somebody once said that in looking for people to hire, you look for
three qualities: integrity, intelligence, and energy.  And if they don't
have the first, the other two will kill you.  You think about it; it's
true.  If you hire somebody without the first, you really want them to
be dumb and lazy."
		-- Warren Buffett
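
Added example, not part of the original post and not Apache's own code: the two defences named in the reply above, written in C as a hard cap on forked connection handlers plus dropping root once the privileged port is bound. The function names, the cap of 32, the stand-in handler and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
static int live = 0;             /* handlers forked and not yet reaped */
/* Reap exited handlers: WNOHANG to poll, 0 to block until all are gone. */
int reap_children(int options)
{
    while (live > 0 && waitpid(-1, NULL, options) > 0)
        live--;
    return live;
}

/* Fork a handler only while below the cap. 1 = forked, 0 = refused, -1 = error. */
int spawn_capped(int fd, int max_children, void (*handler)(int))
{
    reap_children(WNOHANG);
    if (live >= max_children) return 0;   /* process table stays bounded */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { handler(fd); _exit(0); }
    live++;
    return 1;
}

/* Give up root for good: supplementary groups, then gid, then uid. */
int drop_root(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;       /* regaining root must fail */
}

/* Stand-in handler (hypothetical): consume one byte, then exit. */
void read_one_byte(int fd) { char c; if (read(fd, &c, 1) < 0) _exit(1); }
int main(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(80) };
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) || listen(s, 16))
        return 1;                /* binding port 80 is the only step needing root */
    if (drop_root(65534, 65534) != 0) return 1;   /* assumed "nobody" ids */
    for (;;) {
        int c = accept(s, NULL, NULL);
        if (c >= 0) { spawn_capped(c, 32, read_one_byte); close(c); }
    }
}
```

Connections that arrive while the cap is reached are closed by the parent instead of being forked, so a flood of connections cannot grow the process count past the configured maximum.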

