On 8/20/06, slumbaby <slumbaby@xxxxxxxxx> wrote:
Hello, I am new. Does anyone know how to limit the
amount of cpu time slice usage so that this possible
new exploit does not fill up all the space of a apache
server? Like setting a timer of .0005 nanoseconds that
will stop a virus from filling up space?
For instance, I'll be more specific. Take for instance
the following C code that will fill up all available
disk space && bring to a halt a University running
Solaris(tried) in the 90's.
forgive my syntax, it's been ten years since I've
written any code.
main()
{
for(;;)
malloc(1000);
{
fork();
}
}
return()
Well that was easily plugged by the administrator.
Could such a thing happen in a apache based web server
where you issue a rule set || someone email me and
teach me how to stop such malicous code?
Thank You This is very important
I can't tell exactly what exploit you are trying to fight. There are lots of ways to DoS any network server. Fighting denial of service attacks is, in general, a multi-layered, complicated process involving firewalls, OS-level tools, and apache-level configuration directives. If your question is specifically about trying to limit the damage that can be done by people allowed to write CGI scripts and deploy them on your server, then you can look at the RLimit* directives. But in the end, if you give someone permission to run arbitrary code on your server, they can figure out a way to do evil things. For a more general discussion of DoS attacks, see: http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos If you are looking for something more specific, ask a more specific question. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|