Hello,
I want to ask you can i setup an acl with grsecurity that simple don`t allow the main apache process to use more than "some amount of memory" (apache childs and cgi scripts also must be included) and limit the total number of the apache processes (apache childs and cgi scripts also must be included) ? I wan`t to know can i use grsecurity to protect my system from fork and malloc bombs executed from cgi scripts. If i can`t do this with grsecurity what should i use ? DJB softlimit (limit the max number of process but can`t set maximum limit for the all used memory) is useless in this situation.
Thanks in advance