
Re: ITP: speedy cgi ("persistent" perl scripts)



 > ah. that is a problem. in that case, i can't package it for debian.  DSO
 > modules are really the only option for debian - it doesn't make sense to
 > compile in a non-standard option which not everyone will use.

 I've put the DSO onto the todo list.

 > one thing i am going to try doing with speedyCGI is to add suexec-like
 > functionality (test if setuid to username. if yes, then test whether
 > script lives under user's home directory. if not, log security error and
 > abort). the idea is that each vhost user would get their own copy of the
 > speedy binary which would be setuid to them.

 Why not just use suexec and a single (non-setuid) speedy binary?  Whatever
 is safe with regular perl should be just as safe with speedy.  Or are
 you trying to do something beyond what suexec can do?

 > i'd also like to add in resource limits too - limit memory and cpu in
 > particular so that runaway or malicious processes can't bring down the
 > server.
 >
 > i'm not sure if this will be of general use to anyone else but if i have
 > any success with this i will submit patches to you.

 The memory limits have already been requested by someone else.  When I
 looked into it, I couldn't find a portable way to do it.  I'll probably
 just wind up with code that works on some OSes, and not on others.  That
 would be better than nothing though.

 So, send over whatever you come up with -- I'll try to work it into the code.
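
The two checks discussed in this message (the script must live under the setuid user's home directory, and CPU and memory must be capped), as an added example in C that is not part of the original mail or of SpeedyCGI's code. The function names, the use of realpath(), and the RLIMIT_DATA fallback are assumptions of the example; a caller would pass the home directory of the effective uid.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath() under strict -std modes */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Return 1 if canonical `path` lies strictly below canonical `dir`.
 * The prefix must end on '/', or /home/al would accept /home/alice/x.pl. */
int path_inside(const char *dir, const char *path)
{
    size_t n = strlen(dir);
    if (n < 2 || dir[0] != '/')     /* refuse "", relative dirs and "/" */
        return 0;
    return strncmp(dir, path, n) == 0 && path[n] == '/' && path[n + 1] != '\0';
}

/* Resolve symlinks and ".." in both paths before comparing, so that
 * ~user/../other/x.pl or a symlink out of the home directory is rejected.
 * Any resolution error fails closed and is logged. */
int script_under_home(const char *home, const char *script)
{
    char rhome[PATH_MAX], rscript[PATH_MAX];
    if (!realpath(home, rhome) || !realpath(script, rscript)
        || !path_inside(rhome, rscript)) {
        fprintf(stderr, "security error: %s is not under %s\n", script, home);
        return 0;
    }
    return 1;
}

/* Cap CPU seconds and memory bytes (soft and hard limit) before the script
 * runs. RLIMIT_AS is not available on every OS, hence the fallback. */
int apply_limits(rlim_t cpu_seconds, rlim_t mem_bytes)
{
    struct rlimit cpu = { cpu_seconds, cpu_seconds };
    struct rlimit mem = { mem_bytes, mem_bytes };
    if (setrlimit(RLIMIT_CPU, &cpu) != 0)
        return -1;
#ifdef RLIMIT_AS
    return setrlimit(RLIMIT_AS, &mem);    /* whole address space */
#else
    return setrlimit(RLIMIT_DATA, &mem);  /* data segment only */
#endif
}
```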

