I recently saw the Full Disclosure mailing list discussion of the
Apache DoS vuln.
(http://seclists.org/fulldisclosure/2011/Aug/175)

So I did pkg_add p5-Parallel-ForkManager on a 4.9 release i386, and ran
the Perl script from killapache_pl.bin (on the FD mail list). It had
absolutely no visible effect on our Apache 1.3 running on a 5.0
snapshot (Generic #16).

It didn't run out of memory, the server didn't crash and the CPU load
seen by systat was minimal (<1%).

As the title says "Why am I not surprised?"

Thanks devs for fixing bugs before they have sec numbers, you've done
it again!

R/

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is
tarpitted. The reply-to: address is provided for those who feel compelled to
reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.
