Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 1999-q3

FreeBSD Security Archives: Re: FW: Local DoS in FreeBSD

Re: FW: Local DoS in FreeBSD

Mike Tancsa (mikesentex.net)
Wed, 01 Sep 1999 16:20:52 -0400

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Nick Hibma: "Re: FW: Local DoS in FreeBSD"
Previous message: FreeBSD -- The Power to Serve: "Re: FW: Local DoS in FreeBSD"
In reply to: Mike Tancsa: "Re: FW: Local DoS in FreeBSD"
Next in thread: FreeBSD -- The Power to Serve: "Re: FW: Local DoS in FreeBSD"
Next in thread: Nick Hibma: "Re: FW: Local DoS in FreeBSD"
Reply: FreeBSD -- The Power to Serve: "Re: FW: Local DoS in FreeBSD"

At 02:10 PM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
>Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
>time so you can limit that too.. It will never crash the system with the
>proper limits set :). They can run it all they want.

Well, that sort of helps for kids just doing ./a.out, but would you put
accounting limits on your web server ? That seems like a nasty can of
configuration worms one would be opening no ?

---Mike

>
>On Wed, 1 Sep 1999, Mike Tancsa wrote:
>
>> At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
>> >If you have public access users, you should have login accounting in the
>> >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
>> >with my login accounting setup..
>>
>> How does accounting stop it ? Or do you mean it just discourages users
>> from doing it ? How much overhead does accounting add to the system ?
>> Also, limiting the amount of file descriptors can prevent it, as the 'bug'
>> is essentially a resource starving issue (e.g. fork bomb)
>>
>> ---Mike
>> ------------------------------------------------------------------------
>> Mike Tancsa, tel 01.519.651.3400
>> Network Administrator, mikesentex.net
>> Sentex Communications www.sentex.net
>> Cambridge, Ontario Canada
>>
>>
>> To Unsubscribe: send mail to majordomoFreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message
>>
>
>
>
------------------------------------------------------------------------
Mike Tancsa, tel 01.519.651.3400
Network Administrator, mikesentex.net
Sentex Communications www.sentex.net
Cambridge, Ontario Canada

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Nick Hibma: "Re: FW: Local DoS in FreeBSD"
Previous message: FreeBSD -- The Power to Serve: "Re: FW: Local DoS in FreeBSD"
In reply to: Mike Tancsa: "Re: FW: Local DoS in FreeBSD"
Next in thread: FreeBSD -- The Power to Serve: "Re: FW: Local DoS in FreeBSD"
Next in thread: Nick Hibma: "Re: FW: Local DoS in FreeBSD"
Reply: FreeBSD -- The Power to Serve: "Re: FW: Local DoS in FreeBSD"

This archive was generated by hypermail 2.0b3 on Wed Sep 01 1999 - 15:20:07 CDT