Results 1 to 2 of 2
  1. #1
    Join Date
    Jul 2004

    Letting users roll their own PHP/Perl/Python, etc

    I was just wondering about how virtual hosts handle dodgy user-made php/perl/python scripts

    Its easy to unintentionally (or otherwise) create a script this hogs memory and resources...

    So how do you handle this? Close monitoring? Limiting resources in some way?

  2. #2
    Join Date
    Apr 2005
    London, UK
    From my experience the best way to combat this is a combination of cgiwrap and either the Openwall or GRSecurity patches (Linux only, there are similar ways you can restrict in NetBSD and FreeBSD).

    When compiling cgiwrap, make sure you enable rlimits, so for example I can limit all cgi scripts to a maximum of 20 seconds execution time, 20mb ram etc. and a maximum of 5 processes (which avoids forkbombing).

    If you need more information about configuring these, just ask


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts