From owner-freebsd-hubs@FreeBSD.ORG Mon Feb 4 21:28:54 2013
From: Alexandr Kovalenko
To: Fabian Wenk
Cc: freebsd-security@freebsd.org, freebsd-hubs@freebsd.org
Date: Mon, 4 Feb 2013 23:28:53 +0200
Subject: Re: Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service"
In-Reply-To: <510FE164.6070502@wenks.ch>
List-Id: "FreeBSD Distributions Hubs: mail sup ftp"

On Mon, Feb 4, 2013 at 6:27 PM, Fabian Wenk wrote:
> A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of
> Service" [1] on the Full-Disclosure mailing list. Is this a known issue to
> the FreeBSD community?
>
> [1] http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html
>
> There are also many ftp.*.freebsd.org mirrors listed in the above-mentioned
> posting, so I also put freebsd-hubs@ into the recipient list. This will
> probably help ensure that ftp mirror operators are alerted and can take any
> action if needed.

I can confirm this is an issue on stable/9 r245742. Though I can hardly call
it a DoS, as normally the ftp account runs with well-defined ulimits and a
proper ftpd usage pattern does not generate much CPU usage, so you can keep
the limits pretty low and thus not be affected by the so-called "DoS".

Nevertheless, any ideas on how to fix our glob(3)?

Regards,
Alexandr.