standalone-nnrpd "dies" when hitting ressource limits
Russ Allbery
rra at stanford.edu
Wed Jul 12 05:45:40 UTC 2000
Moved to inn-workers.
Sven Paulus <sven at tin.org> writes:
> Another idea: Why are we running nnrpd as user "news"? The only cause I
> can think of is to spool articles which couldn't be transmitted to
> innd. If we add (optionally) another user we could seperate DoS problems
> like the one mentioned (some users opening some hundred connections to
> nnrpd).
That's not at all a bad idea. And if the other user were in group news,
it could still have access to the local posting socket and the like, and
one could even just make /news/incoming group-writeable (which I don't
believe opens any additional security problems).
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list