From owner-freebsd-isp Sat Sep 23 23:23:23 2000 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id B806237B424 for ; Sat, 23 Sep 2000 23:23:16 -0700 (PDT) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id XAA05577; Sat, 23 Sep 2000 23:23:49 -0600 (MDT) Date: Sat, 23 Sep 2000 23:23:48 -0600 (MDT) From: "Forrest W. Christian" To: missnglnk Cc: "Jonathan M. Slivko" , freebsd-isp@FreeBSD.ORG, Tom Subject: Re: Backround Proccess Limiter In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Forgive me for being ignorant, but how does this prevent someone from running an unauthorized background process on a machine? If it has this capabibility it is either non-obvious or I'm being blind. -forrestc@imach.com On Sat, 23 Sep 2000, missnglnk wrote: > Date: Sat, 23 Sep 2000 21:43:48 -0500 (CDT) > From: missnglnk > To: Jonathan M. Slivko > Cc: freebsd-isp@FreeBSD.ORG, Tom > Subject: Re: Backround Proccess Limiter > > Umm, I'm surpoised, on one has come across user/process limits which are > in the base system, see the login.conf(5) and the existing /etc/login.conf > example, and you'll see why you don't need homegrown code, or any other > extensions onto the system. > -- > missnglnk@sneakerz.org > http://www.sneakerz.org/~missnglnk > > On Sat, 23 Sep 2000, Jonathan M. Slivko wrote: > > > Date: Sat, 23 Sep 2000 22:30:25 -0400 > > From: Jonathan M. Slivko > > To: freebsd-isp@freebsd.org, Tom > > Subject: Re: Backround Proccess Limiter > > > > I agree. That is harsh. I was thinking of maybe a piece of homegrown code > > that could do the job. Any ideas as to if someone has already done it in > > FreeBSD? > > > > -- Jonathan M. Slivko > > > > ----- Original Message ----- > > From: "Tom" > > To: > > Sent: Saturday, September 23, 2000 9:59 PM > > Subject: Re: Backround Proccess Limiter > > > > > > > On Sat, 23 Sep 2000 18:50:42 MDT, "Forrest W. Christian" writes: > > > >On Sat, 23 Sep 2000, Jonathan M. Slivko wrote: > > > > > > > >> I'm trying to set up a machine so no eggdrop bots will be able to > > > >> load, but BitchX and BNC sessions will load. I need some kind of > > > >> proccess limiter of some kind to help acheive this task. Does anyone > > > >> know if FreeBSD has one in it already? If so, where can I find it? > > > > > > > >Although it doesn't prevent the load, there is the option of killing all > > > >of the user's processes when they logout... > > > > > > > >(Gotta be careful not to do this for the wrong user (i.e. root)) > > > > > > > > > > You could also install the software you want them to run and then > > > mount all user writable filesystems noexec, including homedirs. > > > Harsh but it works. > > > -- > > > tom@unhooked.net ICQ - 16163541 > > > Spam: the other white meat. AIM - twjansen > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message