On 09/03/2010 02:13 AM, Graham Leggett wrote:
On 03 Sep 2010, at 12:53 AM, Nick Kew wrote:
I disagree about 'broken': a cache isn't *required* to cache ranges.
I definitely agree that a cache isn't required to cache ranges, but
right now mod_cache actively forbids the caching of ranges
On 03 Sep 2010, at 5:31 AM, dave b wrote:
Sure ok :)
You have no complains from me really here. Just this could be an issue
on some platform with some mods potentially :)
In order to understand why it isn't an issue for httpd, you need to
understand how httpd works.
httpd has a thin
On Fri, Sep 3, 2010 at 03:49, Graham Leggett minf...@sharp.fm wrote:
On 03 Sep 2010, at 5:31 AM, dave b wrote:
Sure ok :)
You have no complains from me really here. Just this could be an issue
on some platform with some mods potentially :)
In order to understand why it isn't an issue for
On Fri, Sep 3, 2010 at 07:12, Graham Leggett minf...@sharp.fm wrote:
On 03 Sep 2010, at 2:37 PM, HyperHacker wrote:
...assuming he attacks a single httpd thread, as opposed to say a
distributed attack or attack on an unrelated process.
How would a distributed attack be different?
Obviously
On 03 Sep 2010, at 3:58 PM, HyperHacker wrote:
first the attacker has to find a way to reduce system memory to an
almost oom condition
Say, by attacking several httpd threads and/or unrelated processes to
get them to eat up memory.
At which point the child processes are terminated, and httpd
On Thu, 2 Sep 2010, Graham Leggett wrote:
snip
Should however the cache implementation want to take a breath, it returns to
mod_cache with unconsumed bucket(s) still remaining in the in brigade.
mod_cache in turn sends the already-processed buckets in the out brigade
down the filter stack to
On 03 Sep 2010, at 4:25 PM, Niklas Edmundsson wrote:
This could even go a bit further with providing the cache
implementation with a hint of when it would be polite of it to
return. I think it would probably be easier if the cache
implementation knows what's expected of it. Or?
That I've
first the attacker has to find a way to reduce system memory to an
almost oom condition
Say, by attacking several httpd threads and/or unrelated processes to
get them to eat up memory.
--
Sent from my toaster.
If you know something why not share it ;) ?
imho Apache is pretty good - so
On Fri, Sep 3, 2010 at 13:24, dave b db.pub.m...@gmail.com wrote:
first the attacker has to find a way to reduce system memory to an
almost oom condition
Say, by attacking several httpd threads and/or unrelated processes to
get them to eat up memory.
--
Sent from my toaster.
If you know