On Fri, Sep 3, 2010 at 07:12, Graham Leggett <[email protected]> wrote: > On 03 Sep 2010, at 2:37 PM, HyperHacker wrote: > >> ...assuming he attacks a single httpd thread, as opposed to say a >> distributed attack or attack on an unrelated process. > > How would a distributed attack be different? > > Obviously an attack on an unrelated process would have nothing to do with > checking the return value of apr_pcalloc(). > > Regards, > Graham > -- > >
"first the attacker has to find a way to reduce system memory to an almost oom condition" Say, by attacking several httpd threads and/or unrelated processes to get them to eat up memory. -- Sent from my toaster.
