Date: Sat, 10 Apr 1999 23:45:51 +0400 (MSD) From: Dmitry Valdov <dv@dv.ru> To: Brian Feldman <green@unixhelp.org> Cc: freebsd-current@freebsd.org Subject: Re: DoS from local users (fwd) Message-ID: <Pine.BSF.3.95q.990410232904.6263A-100000@xkis.kis.ru> In-Reply-To: <Pine.BSF.4.05.9904101406400.1031-100000@janus.syracuse.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 10 Apr 1999, Brian Feldman wrote: > Date: Sat, 10 Apr 1999 14:07:27 -0400 (EDT) > From: Brian Feldman <green@unixhelp.org> > To: Dmitry Valdov <dv@dv.ru> > Cc: freebsd-current@freebsd.org > Subject: Re: DoS from local users (fwd) > > On Sat, 10 Apr 1999, Dmitry Valdov wrote: > > > Hi! > > > > Once again - HOW I can limit CPU usage by *kernel* ? > > Also, I've just tried set maxprocesses 5. > > And it helpless. > > With 5 processes limit user was able to slow down P2-450 computer. > > Switching between windows in X was VERY slow. Mouse movements was slow down > > too. > > CPU states: 32.3% user, 0.0% nice, 67.2% system, 0.0% interrupt, 0.5% idle > > > > Please, just try it. > > If you want to preempt other tasks, make that user's tasks niced!! > Have You tried it? Please try. I think that it's a system call problem. When (pipe, exec, or something? I dont' known how it syscall named) is called many times at the same time, kernel starts using all CPU time while performing these syscalls. It's just my opinion. But I see no way to prevent users from overloading system by kernel. (hmmm, if not to limit maxproc to one or two ;-)))) > > > > > > On Sat, 10 Apr 1999, Brian Feldman wrote: > > > > > Date: Sat, 10 Apr 1999 09:29:19 -0400 (EDT) > > > From: Brian Feldman <green@unixhelp.org> > > > To: Dmitry Valdov <dv@dv.ru> > > > Cc: chris@calldei.com, freebsd-current@FreeBSD.ORG, > > > freebsd-questions@FreeBSD.ORG > > > Subject: Re: DoS from local users (fwd) > > > > > > On Sat, 10 Apr 1999, Dmitry Valdov wrote: > > > > > > > > > > > > > > > On Sat, 10 Apr 1999, Chris Costello wrote: > > > > > > > > > Date: Sat, 10 Apr 1999 02:05:33 -0500 > > > > > From: Chris Costello <chris@holly.dyndns.org> > > > > > Reply-To: chris@calldei.com > > > > > To: Dmitry Valdov <dv@dv.ru> > > > > > Cc: freebsd-current@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG > > > > > Subject: Re: DoS from local users (fwd) > > > > > > > > > > On Sat, Apr 10, 1999, Dmitry Valdov wrote: > > > > > > > You typically want to set a restriction as to how many > > > > > > > processes a user can spawn. This is done by editing > > > > > > > /etc/login.conf and changing the user's login class, see the man > > > > > > > page for 'login.conf'. > > > > > > > > > > > > > > > > > > > I'm about CPU usage, not about many processes. > > > > > > See: > > > > > > CPU states: 17.8% user, 0.0% nice, 81.7% system, 0.5% interrupt, 0.0% > > > > > > idle > > > > > > on any (tested on P2-45) machine. > > > > > > > > > > > > CPU is used by SYSTEM, not by USER. So I can't restrict it with login.conf > > > > > > And load average can be up to 20-40 :( > > > > > > > > > > > > Please don't redirect me to -questions, it's a kernel problem, not just > > > > > > config. > > > > > > > > > > How is it a kernel problem? It's a forkbomb. It spawns many > > > > > processes. You can also limit CPU usage with login.conf, I > > > > > believe. > > > > > > > > Hmm. How I can limit CPU usage by SYSTEM? See top's output below. > > > > > > > > Dmitry. > > > > > > > > PS. I've just tried it. And I'm right - CPU usage limit can't help. > > > > > > > > > > So? Processes that run a while go down in priority [McKusick95 I believe, THE > > > book] so they are preempted easily. Look in top and see if they're all at > > > the top of the list. I bet they're not! Also, you can set per-user niceness > > > levels, and why are you being so liberal giving a standard LUSER 32 processes? > > > This is a system administration problem. > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-current" in the body of the message > > > > > > > > > > Brian Feldman _ __ ___ ____ ___ ___ ___ > > > green@unixhelp.org _ __ ___ | _ ) __| \ > > > FreeBSD: The Power to Serve! _ __ | _ \__ \ |) | > > > http://www.freebsd.org _ |___/___/___/ > > > > > > > > > > > > Brian Feldman _ __ ___ ____ ___ ___ ___ > green@unixhelp.org _ __ ___ | _ ) __| \ > FreeBSD: The Power to Serve! _ __ | _ \__ \ |) | > http://www.freebsd.org _ |___/___/___/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.990410232904.6263A-100000>