Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Semaphores Please?
  • From: Nicholas Sideris <magician@xxxxxxxxxxx>
  • Date: Tue, 25 Nov 2003 08:00:43 +0200
  • Message-id: <3FC2F00B.5040006@xxxxxxxxxxx>

Ok, I admit this may be a little out of topic, but it is related a bit with system security. I am using apache 1.3 of SuSE 8.2 distribution for running a web site. Now the system it gets occasionally hacked, with various methods but I want a little help about one specific of them.

It seems that somehow the hackers out there, can make my system to run out of semaphores, under a common DOS attack. I am using semaphores also into the site's cgi code, but I suppose that under normal circumastances no more that 20 to 40 are needed for all of the running CGIs.

But when they attack my server, it successfully runs out of semaphores, causing both cgi and sometimes apache to malfunction or get completely down.

Last night's attempt made that obvious message to be written in apache's error log:

semget: No space left on device

So what I need, is if I can raise the available number of semaphores, so to be more available for preventing such kind of attacks. Where's the system's semaphore configuration file? Also I may need to raise the number of file descriptors or set 'em to unlimited. How I can do this?

Any kind of help would be appriciated.

< Previous Next >
Follow Ups