----- Original message ----- > Hi, > > On Freitag, 17. Dezember 2010, Thomas Goirand wrote: > > SBOX isn't *only* a setuid wrapper, it does a lot more. What's > > important is that it is capable of running CGI scripts in a chroot, > > and also does a lot of setlimits() calls, so that your CGI scripts > > can't eat all of the CPU, RAM, or file descriptors (for example). > > Please see /etc/sbox.conf so that you understand what it is capable of. > > > > I have on my laptop (and git) a new version that does even more: it > > understands what interpreter to use depending on the type of scripts > > called (it looks at the extension). I've successfully ran php, python, > > perl and ruby scripts this way, in a chroot, without the possibility > > that the scripts "eat" all the RAM. It's very useful. This will be > > uploaded to SID after Squeeze is out. > > and why don't you use /etc/security/limits.conf for this? > > > cheers, > Holger
Because it would do it for the full of the domain, when I might want to do it just for cgi-bin, or even only some of the cgi-bin in certain folders if I want to. Also, sbox is a convenient interface. Thomas -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/1292587021.2574.2.ca...@nokia-n900-42-11
