You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by slumbaby <sl...@yahoo.com> on 2006/08/20 18:49:45 UTC
[users@httpd] stopping processes(dual) from filling up server space
Hello, I am new. Does anyone know how to limit the
amount of cpu time slice usage so that this possible
new exploit does not fill up all the space of a apache
server? Like setting a timer of .0005 nanoseconds that
will stop a virus from filling up space?
For instance, I'll be more specific. Take for instance
the following C code that will fill up all available
disk space && bring to a halt a University running
Solaris(tried) in the 90's.
forgive my syntax, it's been ten years since I've
written any code.
main()
{
for(;;)
malloc(1000);
{
fork();
}
}
return()
Well that was easily plugged by the administrator.
Could such a thing happen in a apache based web server
where you issue a rule set || someone email me and
teach me how to stop such malicous code?
Thank You This is very important
Greg
The Fatman walks alone.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] stopping processes(dual) from filling up server space
Posted by Joshua Slive <jo...@slive.ca>.
On 8/20/06, slumbaby <sl...@yahoo.com> wrote:
> Hello, I am new. Does anyone know how to limit the
> amount of cpu time slice usage so that this possible
> new exploit does not fill up all the space of a apache
> server? Like setting a timer of .0005 nanoseconds that
> will stop a virus from filling up space?
> For instance, I'll be more specific. Take for instance
> the following C code that will fill up all available
> disk space && bring to a halt a University running
> Solaris(tried) in the 90's.
> forgive my syntax, it's been ten years since I've
> written any code.
> main()
> {
> for(;;)
> malloc(1000);
> {
> fork();
> }
> }
> return()
> Well that was easily plugged by the administrator.
> Could such a thing happen in a apache based web server
> where you issue a rule set || someone email me and
> teach me how to stop such malicous code?
> Thank You This is very important
I can't tell exactly what exploit you are trying to fight. There are
lots of ways to DoS any network server. Fighting denial of service
attacks is, in general, a multi-layered, complicated process involving
firewalls, OS-level tools, and apache-level configuration directives.
If your question is specifically about trying to limit the damage that
can be done by people allowed to write CGI scripts and deploy them on
your server, then you can look at the RLimit* directives. But in the
end, if you give someone permission to run arbitrary code on your
server, they can figure out a way to do evil things.
For a more general discussion of DoS attacks, see:
http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos
If you are looking for something more specific, ask a more specific question.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org