[Hcoop-discuss] CGI/PHP script security
Adam Chlipala
adamc at hcoop.net
Mon Nov 7 14:38:09 EST 2005
Tanveer Singh wrote:
> So how about allowing uploads etc., only from password protected
> applications. The user would have to register his/her application with
> hcoop.
That's possible, though I don't see immediately how that would be
organized technically. I'd love to see a complete proposal with all
configuration and custom programming aspects mapped out.
> Another thing which could be done is limit the number of apache child
> processes/user. This way a DoS with thousands of running processes
> could be prevented.
This is already being done, but for the stricter measure of the total
number of processes system-wide owned by a user. It's hard to pick the
limit so that users can run reasonable numbers of processes (which would
suggest relatively high numbers) but can't have too many active CGI
scripts at once (which would suggest relatively low numbers). Maybe we
can use a different mechanism than ulimits to implement what you
suggest, but that would be significantly more work.
> We could also impose a blanket cap of 200 scripts (or any arbitrary number
> fydor can handle). This way also we can stop such an attack.
In fact, a fixed limit has been in place and is required for the kinds
of problems I described to occur. Harmlessly infinite-looping scripts
don't do much damage until there get to be very many of them. The real
problem comes in that each takes up one Apache child process, which is a
very limited resource. The primary problem isn't in limiting CPU usage,
as I see it.
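One way to watch the resource the reply singles out (each member's CGI scripts each occupying an Apache child process) is a per-user count of running CGI interpreters. This script is an added example and not part of the original thread; the `ps -eo user=,pid=,comm=` input format, the `www-data` server account, the interpreter names and the cap of 5 per user are all assumptions.

```shell
#!/bin/sh
# Added example (not from the HCoop thread): flag users whose running CGI
# interpreters exceed a per-user cap, i.e. users tying up many Apache children.
# Assumes suexec-style CGI (scripts run under the member's own uid) and
# "ps -eo user=,pid=,comm=" style input. The cap of 5 is a hypothetical value.

PER_USER_CAP=5
WEB_USER=www-data

# Constructed sample of "ps -eo user=,pid=,comm=" output (not real data).
SAMPLE_PS='www-data 1001 apache2
www-data 1002 apache2
alice 2001 php
alice 2002 php
alice 2003 php
alice 2004 php
alice 2005 php
alice 2006 php
bob 3001 perl
carol 4001 python'

# count_cgi: read ps lines on stdin; print "user count" for every user other
# than the web server account whose CGI interpreter processes exceed the cap.
count_cgi() {
    awk -v cap="$PER_USER_CAP" -v webuser="$WEB_USER" '
        $1 != webuser && $3 ~ /^(php|perl|python)/ { n[$1]++ }
        END { for (u in n) if (n[u] > cap) printf "%s %d\n", u, n[u] }
    ' | sort
}

# offenders: run the check over the constructed sample.
# For live use: ps -eo user=,pid=,comm= | count_cgi
offenders() {
    printf '%s\n' "$SAMPLE_PS" | count_cgi
}

offenders
```

Output is one line per user over the cap, so an empty result means no user currently holds more than PER_USER_CAP interpreter processes.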