In article <199908051755.kaa13...@dingo.cdrom.com>, Mike Smith <m...@smith.net.au> wrote: > > I am working on some resource limit stuff and would like to be > > able to use login.conf to restrict the number of cgi processes that > > certain users can run. Unfortunately, the proprietary cgi product we use > > is owned by root and suid's to the user who owns the script that it is > > called to run. (This is not what I would call a "good idea," but it's what > > I have to work with.) [...] > You need to pester the vendor to correctly switch limits when they > switch UIDs. > > Alternatively, if this is unlikely _and_ the application is dynamically > linked, you could produce a library containing patched set*id functions > and force it into the app using LD_PRELOAD.
N.B., LD_PRELOAD won't work if the program is setuid or setgid. I'm not 100% sure from the original post whether that's the case or not. John -- John Polstra j...@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "No matter how cynical I get, I just can't keep up." -- Nora Ephron To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message
