Hi, On Freitag, 17. Dezember 2010, Thomas Goirand wrote: > SBOX isn't *only* a setuid wrapper, it does a lot more. What's important > is that it is capable of running CGI scripts in a chroot, and also does > a lot of setlimits() calls, so that your CGI scripts can't eat all of > the CPU, RAM, or file descriptors (for example). Please see > /etc/sbox.conf so that you understand what it is capable of. > > I have on my laptop (and git) a new version that does even more: it > understands what interpreter to use depending on the type of scripts > called (it looks at the extension). I've successfully ran php, python, > perl and ruby scripts this way, in a chroot, without the possibility > that the scripts "eat" all the RAM. It's very useful. This will be > uploaded to SID after Squeeze is out. and why don't you use /etc/security/limits.conf for this? cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.