From owner-freebsd-security Wed Sep 1 13:38: 7 1999
Date: Wed, 1 Sep 1999 22:19:40 +0200 (CEST)
From: Nick Hibma
To: FreeBSD -- The Power to Serve
Cc: Mike Tancsa, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD

That's one of the comments Microsoft makes when a security hole is
discovered: switch off that, increase the security level here. It always
makes me kind of mad, because that's not what the Joe Average does or
considers something he should do until it's too late.

One of the features I like about Unix is for example free space
available solely to the root user. It could be imagined that these
things also apply to file handles, memory/swap space and other scarce
resources.

Nick

> Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
> time so you can limit that too.. It will never crash the system with the
> proper limits set :). They can run it all they want.
>
>
> On Wed, 1 Sep 1999, Mike Tancsa wrote:
>
> > At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> > >If you have public access users, you should have login accounting in the
> > >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> > >with my login accounting setup..
> >
> > How does accounting stop it ? Or do you mean it just discourages users
> > from doing it ? How much overhead does accounting add to the system ?
> > Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> > is essentially a resource starving issue (e.g. fork bomb)
> >
> > ---Mike
> > ------------------------------------------------------------------------
> > Mike Tancsa, tel 01.519.651.3400
> > Network Administrator, mike@sentex.net
> > Sentex Communications www.sentex.net
> > Cambridge, Ontario Canada

--
e-Mail: hibma@skylink.it

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
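
The descriptor limit discussed in this thread, as an added example (not code from any participant in the thread): a child process lowers its soft and hard `RLIMIT_NOFILE`, then requests descriptors until the kernel refuses with `EMFILE`, showing that the damage is bounded by the cap. The function name, the cap of 32 and the use of `/dev/null` are assumptions chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define REFUSED_OTHER 255   /* child exit code: failure other than EMFILE */

/* Hypothetical helper. Runs in a child so the caller's limits are untouched.
 * Returns how many new descriptors the child obtained before the kernel
 * refused with EMFILE, or -1 on error. fd_cap must be below 255. */
int descriptors_granted_under_cap(rlim_t fd_cap)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Set soft and hard limit together: an unprivileged process can
         * lower its hard limit but cannot raise it again. */
        struct rlimit rl = { .rlim_cur = fd_cap, .rlim_max = fd_cap };
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            _exit(REFUSED_OTHER);

        int granted = 0;
        /* Ask for descriptors until refused; all are released on exit. */
        while (open("/dev/null", O_RDONLY) >= 0)
            granted++;
        _exit(errno == EMFILE ? granted : REFUSED_OTHER);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == REFUSED_OTHER ? -1 : code;
}

int main(void)
{
    int n = descriptors_granted_under_cap(32);   /* 32 is a constructed value */
    printf("cap 32: %d new descriptors granted before EMFILE\n", n);
    return n < 0;
}
```

The count is lower than the cap because descriptors inherited from the parent (stdin, stdout, stderr) already occupy slots. On FreeBSD the same cap can be applied per login class with the `openfiles` capability in `login.conf`.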