standalone-nnrpd "dies" when hitting ressource limits

[Russ Allbery]

Moved to inn-workers.

Sven Paulus <sven at tin.org> writes:

> Another idea: Why are we running nnrpd as user "news"? The only cause I
> can think of is to spool articles which couldn't be transmitted to
> innd. If we add (optionally) another user we could seperate DoS problems
> like the one mentioned (some users opening some hundred connections to
> nnrpd).

That's not at all a bad idea.  And if the other user were in group news,
it could still have access to the local posting socket and the like, and
one could even just make /news/incoming group-writeable (which I don't
believe opens any additional security problems).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>