Date: Wed, 1 Sep 1999 19:36:00 -0400 (EDT) From: Systems Administrator <geniusj@ods.org> To: Joe Gleason <clash@tasam.com> Cc: Nick Hibma <hibma@skylink.it>, FreeBSD -- The Power to Serve <geniusj@free-bsd.org>, Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG Subject: Re: FW: Local DoS in FreeBSD Message-ID: <Pine.BSF.4.10.9909011935460.50399-100000@ods.org> In-Reply-To: <019d01bef4e1$46125ca0$256b52c6@tasam.com>
next in thread | previous in thread | raw e-mail | index | archive | help
They dont ship with a lot of mbufs to keep it running on slower and less-capable machines. ------------------------------------------------------------------------------ Jason DiCioccio | geniusj@free-bsd.org FreeBSD - The Power to Serve | http://www.freebsd.org | http://www.ods.org ------------------------------------------------------------------------------ On Wed, 1 Sep 1999, Joe Gleason wrote: > True, I consider myself an a-typical Joe, but still the point is valid that > a FreeBSD should be fairly resiliant and stable without needing to do alot > of tweaking. There is also the argument that setting resictions by default > could mess up people who don't know to look at the resrictions when > something doesn't work. Probably some happy medium could probably be > achived. > > I think I would be happy with a default config in which: > The average unprived user could not crash the system, but they could use > alot of resources and slow the system down drasticly. > > Joe Gleason > Tasam > > > The average Joe doesn't run FreeBSD > > > > > > -------------------------------------------------------------------------- > ---- > > Jason DiCioccio | geniusj@free-bsd.org > > FreeBSD - The Power to Serve | http://www.freebsd.org > > | http://www.ods.org > > -------------------------------------------------------------------------- > ---- > > > > On Wed, 1 Sep 1999, Nick Hibma wrote: > > > > > > > > That's one of the comments Microsoft makes when a security hole is > > > discovered, switch off that, increase the security level here. It always > > > makes me kind of mad, because that's not what the Joe Average does or > > > is considers something he should do until it's too late. > > > > > > One of the features I like about Unix is for example free space > > > available solely to the root user. It could be imagined that these > > > things also apply to file handles, memory/swap space and other scarce > > > resources. > > > > > > Nick > > > > > > > > > > Exactly what I mean! Limit file descriptors, and it also uses a lot of > CPU > > > > time so you can limit that too.. It will never crash the system with > the > > > > proper limits set :). They can run it all they want. > > > > > > > > > > > > On Wed, 1 Sep 1999, Mike Tancsa wrote: > > > > > > > > > At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote: > > > > > >If you have public access users, you should have login accounting > in the > > > > > >first place.. and yes, it does stop it :).. I verified this on a > 3.2 box > > > > > >with my login accounting setup.. > > > > > > > > > > How does accounting stop it ? Or do you mean it just discourages > users > > > > > from doing it ? How much overhead does accounting add to the system > ? > > > > > Also, limiting the amount of file descriptors can prevent it, as the > 'bug' > > > > > is essentially a resource starving issue (e.g. fork bomb) > > > > > > > > > > ---Mike > > > > > > ------------------------------------------------------------------------ > > > > > Mike Tancsa, tel 01.519.651.3400 > > > > > Network Administrator, mike@sentex.net > > > > > Sentex Communications www.sentex.net > > > > > Cambridge, Ontario Canada > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > -- > > > e-Mail: hibma@skylink.it > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9909011935460.50399-100000>