Date:      Tue, 10 Jul 2001 23:05:07 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Alfred Perlstein <bright@sneakerz.org>
Cc:        "Robert E. Lee" <rel@gulbransen.com>, Dag-Erling Smorgrav <des@ofug.org>, Ted Mittelstaedt <tedm@toybox.placo.com>, js43064n@pace.edu, freebsd-security@FreeBSD.ORG
Subject:   Re: Kernel Panic
Message-ID:  <200107110605.f6B657X24415@earth.backplane.com>
References:  <xzp4rt57sjq.fsf@flood.ping.uio.no> <Pine.BSF.4.33.0107102047420.261-100000@rlee.leefam.org> <20010710230329.A1894@sneakerz.org>


:* Robert E. Lee <rel@gulbransen.com> [010710 22:54] wrote:
:> On 24 Jun 2001, Dag-Erling Smorgrav wrote:
:> > "Ted Mittelstaedt" <tedm@toybox.placo.com> writes:
:> > A disk error would not crash the system.  Please stop spouting
:> > unfounded (though highly imaginative) bullshit.
:> 
:> Not to get into a pissing contest, but I have had disk errors in the past
:> that made my system crash.
:> 
:> On the original thread, when you have a local account on a box, you can
:> usually use this script as an effective DoS:
:> 
:> $ more foo.sh
:> #!/bin/sh
:> 
:> while [ 1 -eq 1 ]; do
:>   find / -name foo &
:> done
:> 
:> The default settings for most Unix OS's allow that type of script to
:> consume enough resources to make the system unusable.
:
:It'd be almost trivial to limit the amount of outstanding IO on a
:per uid basis.  Have time for a patch? :)
:
:Hint:
:store the amount of IO in the uidinfo struct, if you go out of
:bounds, sleep on the outstanding buf counter address for a short
:time (*), if the user completes IO, then issue a wakeup.
:
:(*) the reason you can not sleep infinitely is because you may cause
:a deadlock situation against yourself when writing out dirty buffers,
:or maybe not.. ?
:
:Anyhow, that should allow for throttling.
:
:-- 
:-Alfred Perlstein [alfred@freebsd.org]

    Appropriate resource limits and a properly configured system can go a
    long way towards preventing a crash.  Expecting an untuned,
    insufficiently endowed machine to be able to handle a DOS attack from
    a shell prompt is unrealistic.  The machine can't really tell the
    difference between something like the above and, say, someone starting
    up a copy of gnome, or mozilla, or ircd, or a user account dedicated to
    serving cvsup.  You certainly can't tell by looking at the I/O load...
    the above script would only max out the disk's seeking (which a lot
    of programs can do), and it does not actually represent any significant
    amount of I/O bandwidth relative to, say, a program copying a large
    file. 

    So the fix is really nothing more than the sysadmin setting
    appropriate resource limits, monitoring the machine, and blowing away
    any idiot user who does the above.  The fix is certainly not to try
    to make the OS magically figure out that someone is running a DOS
    attack from a shell prompt and having it arbitrarily throttle the
    uid!

						-Matt
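
An added example, not part of the original message: one way to do the monitoring step, by counting processes per user, since the quoted loop keeps starting new background `find` processes. The function name, user names, sample data and the threshold of 30 are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag users whose process count exceeds a threshold.
# Input format is that of `ps -A -o user= -o comm=`: user, then command name.

# flag_users LIMIT [COMMAND]
#   Reads "user command" lines on stdin and prints "user count" for every
#   user running more than LIMIT processes, highest count first.
#   If COMMAND is given, only processes with that command name are counted.
flag_users() {
    limit=$1
    cmd=${2:-}
    awk -v limit="$limit" -v cmd="$cmd" '
        NF >= 2 && (cmd == "" || $2 == cmd) { n[$1]++ }
        END { for (u in n) if (n[u] > limit) print u, n[u] }' |
        sort -k2,2nr -k1,1
}

# Constructed sample, not captured from a real system: user "mallory"
# running the loop quoted in the thread, next to ordinary users.
sample_ps() {
    i=0
    while [ "$i" -lt 40 ]; do
        echo "mallory find"
        i=$((i + 1))
    done
    cat <<'EOF'
mallory sh
alice sh
alice mozilla
bob cvsupd
bob sh
root init
root syslogd
root cron
EOF
}

# Live use on a running system:
#   ps -A -o user= -o comm= | flag_users 30
sample_ps | flag_users 30
```

The count only tells the administrator where to look; whether the flagged account is misbehaving is still a human decision, as the message argues.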

