Re: FW: Local DoS in FreeBSD

Mike Tancsa (mikesentex.net)
Wed, 01 Sep 1999 21:24:35 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Mike Tancsa: "Re: FW: Local DoS in FreeBSD"
• Previous message: Systems Administrator: "Re: FW: Local DoS in FreeBSD"
• In reply to: Mike Tancsa: "Re: FW: Local DoS in FreeBSD"
• Next in thread: Dag-Erling Smorgrav: "Re: FW: Local DoS in FreeBSD"

At 03:12 PM 9/1/99 , Systems Administrator wrote:
>If you have it set so that it does SUID for cgi and runs it as the user or
>uses the users accounting limits, it won't work.. and yes, you should set
>some sensible apache limits per user on that stuff, I know its possible.

Ok, are you talking about enabling accouting i.e. in /etc/rc.conf
accounting_enable="NO" # Turn on process accounting (or NO).
or are you talking about settings in /etc/login.conf ?

If login.conf, and internal apache limits, what are you actually setting,
and what values ? I found that descriptors had to be VERY restrictive in
order to prevent the user from crashing the system. If you have actually
implemented protection against this DOS, by all means, please post to the
list what you did. However, if you are only theorizing, please state so.

        ---Mike
**********************************************************************
Mike Tancsa, Network Admin * mikesentex.net
Sentex Communications Corp, * http://www.sentex.net/mike
Cambridge, Ontario * 01.519.651.3400
Canada *

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Mike Tancsa: "Re: FW: Local DoS in FreeBSD"
• Previous message: Systems Administrator: "Re: FW: Local DoS in FreeBSD"
• In reply to: Mike Tancsa: "Re: FW: Local DoS in FreeBSD"
• Next in thread: Dag-Erling Smorgrav: "Re: FW: Local DoS in FreeBSD"

This archive was generated by hypermail 2.0b3 on Wed Sep 01 1999 - 20:10:58 CDT