standalone-nnrpd "dies" when hitting ressource limits
Sven Paulus
sven at tin.org
Sat Jul 8 10:28:00 UTC 2000
On 08.07., Heiko Schlichting wrote:
> I think this is what MAX_FORKS is used for. If you don't want this behavior
> you can increase MAX_FORKS. But in most cases it is a better solution to
> terminate the standalone nnrpd than crashing other processes on the system
> like inn or innfeed.
Depends on the application. I can think of cases where its better to have
innd crash (this causes a stop to the flow of the articles, most customers
won't notice this when fixed within 30 minutes or so) than the nnrpd
stopping to answer.
> Your patch would make MAX_FORKS useless and increases the risk for a harmful
> standalone nnrpd. You can just raise MAX_FORKS to a high value and should have
> the same effect if you really want this.
Another idea: Why are we running nnrpd as user "news"? The only cause I can
think of is to spool articles which couldn't be transmitted to innd. If we
add (optionally) another user we could seperate DoS problems like the one
mentioned (some users opening some hundred connections to nnrpd).
Sven
More information about the inn-patches
mailing list