You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Bruce Garlock <br...@tiac.net> on 2000/03/19 01:30:12 UTC

general/5901: RLimitNPROC does not seem to work.

>Number:         5901
>Category:       general
>Synopsis:       RLimitNPROC does not seem to work.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sat Mar 18 16:40:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     bruceg@tiac.net
>Release:        1.3.9
>Organization:
apache
>Environment:
Redhat 6.1
Linux linux.server 2.2.14 #3 Thu Mar 2 16:49:49 EST 2000 i586 unknown
>Description:
After discovering someone was able to bring one of my servers down, by continually
clicking on a button that launches a perl cgi program (thus starting several perl
sessions on the server, and brining the load up over 75+), I started to research
how to solve this problem.  After seeing that I could set RLimitNPROC in a 
server config file, I set it to "RLimitNROC 2", just to test it.  I was still able
to launch numerous cgi scripts by performing the Denial of Service method explained
above.  I also tried "RLimitNPROC 2 3" and the same thing happened.

Am I missing something here?
>How-To-Repeat:

>Fix:
Adding a header to each of my cgi scripts that first checks to see how many instances 
of the script are already running, and not executing the script if the limit is reached.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]