From owner-freebsd-stable  Mon Mar  6 20:39:42 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id A507A37BE57
	for <stable@FreeBSD.ORG>; Mon,  6 Mar 2000 20:39:38 -0800 (PST)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id UAA22183;
	Mon, 6 Mar 2000 20:39:02 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda22181; Mon Mar  6 20:38:55 2000
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.9.3/8.9.1) id UAA04890;
	Mon, 6 Mar 2000 20:38:55 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdCy4886; Mon Mar  6 20:38:07 2000
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.9.3/8.9.1) id UAA03997;
	Mon, 6 Mar 2000 20:38:06 -0800 (PST)
Message-Id: <200003070438.UAA03997@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdWy3993; Mon Mar  6 20:37:40 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-OS: FreeBSD 3.4-RELEASE
X-Sender: cy
To: Mike Tancsa <mike@sentex.ca>
Cc: stable@FreeBSD.ORG
Subject: Re: Stopping a DoS by patching aio calls in STABLE 
In-reply-to: Your message of "Mon, 06 Mar 2000 11:12:49 EST."
             <3.0.5.32.20000306111249.00eef270@marble.sentex.ca> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 06 Mar 2000 20:37:39 -0800
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <3.0.5.32.20000306111249.00eef270@marble.sentex.ca>, Mike 
Tancsa wri
tes:
> 
> As a work around to preventing a local DoS in STABLE (PR 17152), it was
> suggested to me by Alfred Perlstein that I "patch [my] kernel to make all
> aio calls return ENOSYS".  Does anyone have any suggestions as how to do
> that ?  I have a shell server that I am a little worried about because of
> script kiddies :-(

Take a look at spy.  Though it only works under -CURRENT and won't 
solve your immediate problem, it's still a pretty neat concept.

Spy can be found at http://www.freebsd.org/~abial/spy-0.1.tgz and the 
manual can be found at http://www.freebsd.org/~sheldonh/spy.4.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
                    "COBOL IS A WASTE OF CARDS."





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message