for sTeam this problem is rather serious. since we allow users to execute pike code (we can, because we have a security system) crashbugs like these will allow any prankster to kill our servers.
Without any familiarity wiht sTeam - how about executing user pike code in a different pike process or some sort of "execution server"? This could require some sort of communication-layer - it could also not be an option =)
/ Peter Lundqvist (disjunkt)
Previous text:
2003-03-21 23:21: Subject: sTeam DoS vulnerability (still is: Do we have a floatingpoint bug?)
for sTeam this problem is rather serious. since we allow users to execute pike code (we can, because we have a security system) crashbugs like these will allow any prankster to kill our servers.
it's less of a problem for caudium or roxen because of the lack of a security system only trusted users should be executing pike code anyways.
ludger, tom, is there any way we can catch people trying to crash sTeam this way?
greetings, martin.
/ Brevbäraren