Dag-Erling Smorgrav <[EMAIL PROTECTED]> wrote:
>Gordon Tetlow <[EMAIL PROTECTED]> writes:
>> If you are using apache (who isn't?), I highly suggest you look into using
>> suexec. That way bad CGI programming is offloaded to the customer and not
>> to your system.
>
>suexec has many weaknesses - amongst other problems, it does not set
>resource limits; nor does it chroot as far as I recall.
Apache itself has support for setting resource limits, although I
agree that in many cases you may want them to be different between the
httpd and the CGIs.
I expect chrooting was left out because people who have the wit to set
up a chroot are capable of adding a couple of lines to a C program.
Tony.
--
f.a.n.finch [EMAIL PROTECTED] [EMAIL PROTECTED]
"Because all you of Earth are idiots!"
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
