[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RC Bugfix #605868: please unblock sbox-dtc


On Freitag, 17. Dezember 2010, Thomas Goirand wrote:
> SBOX isn't *only* a setuid wrapper, it does a lot more. What's important
> is that it is capable of running CGI scripts in a chroot, and also does
> a lot of setlimits() calls, so that your CGI scripts can't eat all of
> the CPU, RAM, or file descriptors (for example). Please see
> /etc/sbox.conf so that you understand what it is capable of.
> I have on my laptop (and git) a new version that does even more: it
> understands what interpreter to use depending on the type of scripts
> called (it looks at the extension). I've successfully ran php, python,
> perl and ruby scripts this way, in a chroot, without the possibility
> that the scripts "eat" all the RAM. It's very useful. This will be
> uploaded to SID after Squeeze is out.

and why don't you use /etc/security/limits.conf for this?


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: