From owner-freebsd-stable@FreeBSD.ORG Sat Mar 11 02:05:56 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3526116AB9F for ; Sat, 11 Mar 2006 02:05:55 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7596645362 for ; Fri, 10 Mar 2006 14:09:06 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k2AE8vmQ078603; Fri, 10 Mar 2006 16:08:57 +0200 (EET) (envelope-from dmitry@atlantis.dp.ua) Date: Fri, 10 Mar 2006 16:08:57 +0200 (EET) From: Dmitry Pryanishnikov To: Michael Proto In-Reply-To: <441178F8.1070503@jellydonut.org> Message-ID: <20060310155404.A40396@atlantis.atlantis.dp.ua> References: <441178F8.1070503@jellydonut.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-stable@freebsd.org Subject: Re: RELENG_4 on flash disk and swap X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Mar 2006 02:05:57 -0000 Hello! On Fri, 10 Mar 2006, Michael Proto wrote: > My suggestion would then be to utilize resource limits in > /etc/login.conf for the sshd user (in your example) or other user > accounts for applications that you don't want running out of control. > See login.conf(5) and login_cap(3) for more details on this. In > particular, the datasize, stacksize, memoryuse, and vmemoryuse options > may be of benefit. OK, I'm aware about this measure. But have your tried it yourself against, e.g., OpenSSH? I doubt it. Look at the following: dmitry@test$ ps axu |grep ssh root 20213 0.0 1.3 54724 3356 ?? Is 4:00PM 0:00.10 sshd: dmitry [priv] dmitry 20216 0.0 1.3 54724 3356 ?? I 4:00PM 0:00.03 sshd: dmitry@tty root 20229 0.0 1.3 54724 3356 ?? Ss 4:00PM 0:00.10 sshd: dmitry [priv] dmitry 20232 0.0 1.3 54724 3356 ?? S 4:00PM 0:00.03 sshd: dmitry@tty It's the result of 2 incoming OpenSSH sessions: 2 processes per session, one of them root's and another user's. SSH.COM's sshd always works as a root. Also, during the DoS attack (simultaneous setup of many incoming TCP connections to 22th port) there will be many root's processes like this: root 20278 0.0 1.1 52016 2884 ?? Is 4:07PM 0:00.04 sshd: [accepted] Do you really advise to lower root's limits? I'm sure you don't ;) Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE